When you fill out an online form on a website, like entering your username and password to log in, that data is sent to the backend of the site where it is processed.
When logging in, this process involves checking the credentials against stored data to grant or deny access. However, not all systems implement proper security measures, which can lead to vulnerabilities such as SQL injection attacks.
SQL injection happens when an attacker inputs malicious SQL code through the form fields, potentially compromising the database and allowing unauthorized access to sensitive data and accounts.
SQL Injection Vulnerable Web App
To demonstrate SQL injection vulnerabilities in a user authentication system, I created an intentionally vulnerable web application using Flask, a Python web development framework.
You have the option to download the vulnerable web app and explore it on your own computer. To get started, you only need to have Python installed.
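As an added illustration (not the demo app's own code), the two ways a Flask/SQLite login handler can build its credential check: string formatting, which lets a quote in the input change the query, and a parameterized query, which binds the input as data. The table, account and inputs are constructed for the example.

```python
# Added example, not code from the demo app. All names and data are constructed.
import sqlite3

def make_db():
    """In-memory SQLite database with one constructed demo account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real apps store a hash.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting: input becomes part of the query text."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None

def login_safe(conn, username, password):
    """Parameterized query: the driver binds input as values, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def demo():
    """Runs both handlers on the same inputs; returns (vulnerable, safe) results."""
    conn = make_db()
    results = {}
    # Correct credentials: both handlers grant access.
    results["valid"] = (login_vulnerable(conn, "alice", "s3cret"),
                        login_safe(conn, "alice", "s3cret"))
    # Wrong password: both handlers deny access.
    results["wrong"] = (login_vulnerable(conn, "alice", "nope"),
                        login_safe(conn, "alice", "nope"))
    # Constructed injection string: the quote closes the literal and the rest is
    # parsed as SQL, so the vulnerable handler grants access to no valid account.
    injected = "' OR '1'='1"
    results["injected"] = (login_vulnerable(conn, injected, injected),
                           login_safe(conn, injected, injected))
    # A legitimate value containing a quote breaks the vulnerable query outright;
    # the parameterized handler just compares it as a string.
    try:
        vuln_quote = login_vulnerable(conn, "o'brien", "x")
    except sqlite3.OperationalError:
        vuln_quote = "error"
    results["quote"] = (vuln_quote, login_safe(conn, "o'brien", "x"))
    return results

if __name__ == "__main__":
    for case, (vulnerable, safe) in demo().items():
        print(f"{case:9} vulnerable={vulnerable!s:6} safe={safe}")
```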
Features
User login with predefined credentials.
Detailed HTML/CSS frontend using Bootstrap.
Illustrative carousel explaining SQL injection concepts.
Example inputs to test SQL injection vulnerabilities.
Prerequisites
Python
Flask
SQLite
App Routes
/ (GET): Renders the homepage with the login form.
/login (POST): Handles user authentication.
/dashboard (GET): Shows user information post-login.
/logout (GET): Logs out the user and redirects to the homepage.
Setup Instructions
1. Clone or Download the Repository
2. Create a Virtual Environment
python -m venv venv
3. Activate the Virtual Environment
A: On Windows:
venv\Scripts\activate
B: On macOS/Linux:
source venv/bin/activate
4. Install Dependencies
pip install Flask
Running the Script
Execute the script with:
python app.py
Ethical Use
This application is for educational purposes only. It highlights SQL injection vulnerabilities to enhance cybersecurity understanding. Always practice ethical guidelines in security testing.
You can find the code on GitHub: SQL Injection Demo
It was a nice look and a clear clarification.
Thank you for your demonstration. It is a really important concept and the most wanted course you provided. I expect you to come again.