{"id":27182784,"url":"https://github.com/fraadap/sql-injection-analysis","last_synced_at":"2026-05-08T14:03:28.978Z","repository":{"id":286823741,"uuid":"962666590","full_name":"fraadap/SQL-injection-analysis","owner":"fraadap","description":"CyberSecurity exam project (Bachelor's degree course, academic year 2023/2024). The goal was to implement a simple website in two versions: one vulnerable to SQL injection attacks and one secured by implementing countermeasures. A specific timing-attack strategy was also devised.","archived":false,"fork":false,"pushed_at":"2025-04-08T14:06:31.000Z","size":693,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-09T15:16:57.129Z","etag":null,"topics":["linux","php","sql","sql-injection","sql-injection-attacks"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fraadap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-08T13:50:25.000Z","updated_at":"2025-04-08T14:06:35.000Z","dependencies_parsed_at":"2025-04-08T15:24:07.185Z","dependency_job_id":"930eeca7-4964-4e18-b2d1-bc7c72d56e5e","html_url":"https://github.com/fraadap/SQL-injection-analysis","commit_stats":null,"previous_names":["fraadap/sql-injection-analysis"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraadap%2FSQL-injection-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraadap%2FSQL-injection-
analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraadap%2FSQL-injection-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraadap%2FSQL-injection-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fraadap","download_url":"https://codeload.github.com/fraadap/SQL-injection-analysis/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248055268,"owners_count":21040157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","php","sql","sql-injection","sql-injection-attacks"],"created_at":"2025-04-09T15:17:01.249Z","updated_at":"2026-05-08T14:03:23.931Z","avatar_url":"https://github.com/fraadap.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔒 SQL Injection: Vulnerability Analysis \u0026 Secure Implementation\n\n![GitHub](https://img.shields.io/badge/PHP-7.4.33-777BB4?logo=php)\n![GitHub](https://img.shields.io/badge/PostgreSQL-13.14-4169E1?logo=postgresql)\n![GitHub](https://img.shields.io/badge/Apache-2.4-D22128?logo=apache)\n\nA comprehensive academic project demonstrating **SQL Injection (SQLi)** attacks, their impact on the CIA triad (Confidentiality, Integrity, Availability), and robust countermeasures. 
Built with PHP, PostgreSQL, and Apache, this project includes **two versions**: a **vulnerable system** for attack demonstrations and a **secure system** implementing best practices.\n\n---\n\n## 📖 Table of Contents\n- [Key Features](#-key-features)\n- [Attack Demonstrations](#-attack-demonstrations)\n- [Prevention Measures](#-prevention-measures)\n- [Installation](#-installation)\n- [Usage](#-usage)\n- [Experimental Results](#-experimental-results)\n- [Technologies Used](#-technologies-used)\n- [License](#-license)\n\n---\n\n## 🚀 Key Features\n- **Dual System Architecture**:\n  - **Vulnerable Version**: Intentionally insecure to demonstrate SQLi attacks.\n  - **Secure Version**: Implements defenses like parameterized queries, RBAC, and password hashing.\n- **CIA Triad Analysis**: Shows how SQLi compromises Confidentiality, Integrity, and Availability.\n- **Interactive Web Interface**: Login, registration, and real-time article search with AJAX.\n- **Blind SQLi Script**: Automated script (`blindInjection.js`) for inferring table/column names via time-based or inferred-data attacks.\n\n---\n\n## 💥 Attack Demonstrations\n### 1. **Tautology Attack**\n   - **Goal**: Bypass login authentication using always-true conditions.\n   - **Input**: `' OR '1'='1` in username/password fields.\n   - **Query**: \n     ```sql\n     SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '' OR '1'='1';\n     ```\n\n### 2. **End-of-Line Comment Attack**\n   - **Goal**: Ignore password checks by truncating queries.\n   - **Input**: `' OR id=4 --` in the username field.\n   - **Query**:\n     ```sql\n     SELECT * FROM users WHERE username = ' ' OR id=4 -- AND password = 'any';\n     ```\n\n### 3. **Piggybacked Query Attack**\n   - **Goal**: Execute additional malicious queries (e.g., delete tables, extract data).\n   - **Input**: `'; DELETE FROM users; --` in search fields.\n   - **Result**: Drops all user data.\n\n### 4. 
**Blind SQL Injection**\n   - **Time-Based**: Uses `pg_sleep(1)` to infer table/column names.\n   - **Inferred-Data**: Analyzes HTML responses to guess names recursively.\n\n---\n\n## 🛡️ Prevention Measures\n### 1. **Parameterized Queries**\n   - Uses PostgreSQL's `pg_prepare()` and `pg_execute()` to separate SQL logic from user input.\n   - Example:\n     ```php\n     $result = pg_prepare($connection, \"login_query\", \"SELECT * FROM users WHERE username = $1\");\n     $result = pg_execute($connection, \"login_query\", array($username));\n     ```\n\n### 2. **Password Hashing**\n   - **BCrypt** hashing with random salts via PHP’s `password_hash()` and `password_verify()`.\n\n### 3. **Role-Based Access Control (RBAC)**\n   - Three roles with least-privilege access:\n     - **`user_role`**: `SELECT` on articles, `INSERT` on users.\n     - **`shop_role`**: `INSERT`/`DELETE` on shops/articles.\n     - **`admin_role`**: Full privileges.\n\n### 4. **Output Sanitization**\n   - Escapes HTML characters using `htmlspecialchars()` to prevent XSS.\n\n---\n\n## 📥 Installation\n1. **Clone the Repository**:\n   ```bash\n   git clone https://github.com/yourusername/sql-injection-demo.git\n   cd sql-injection-demo\n   ```\n\n2. **Set Up Apache \u0026 PostgreSQL**:\n   ```bash\n   sudo apt update\n   sudo apt install apache2 postgresql php libapache2-mod-php\n   sudo systemctl start apache2 postgresql\n   ```\n\n3. **Initialize the Database**:\n   ```bash\n   cd db-scripts\n   sudo sh create.sh  # Creates tables, test data, and roles\n   ```\n\n4. **Configure Permissions**:\n   - Update database credentials in PHP files (e.g., `check-login.php`).\n\n---\n\n## 🖥️ Usage\n\n1. **Access the Web Interface**:\n   - Navigate to `http://localhost/login.php`.\n   - Test attacks on the **vulnerable version** or explore the **secure version**.\n\n2. **Run Blind SQLi Script**:\n   - Use `blindInjection.js` for automated attacks:\n     ```javascript\n     // Mode 0: Find table names | Mode 1: Find column names\n     blindInjection(0, true, \"article\");\n     ```\n\n---\n\n## 📊 Experimental Results\n\n|Attack Type|Mode|Time (Seconds)|\n|---|---|---|\n|Inferred-Data (Tables)|0|135.588|\n|Inferred-Data (Columns)|1|170.964|\n|Time-Based (Tables)|0|44.698|\n|Time-Based (Columns)|1|59.606|\n\n---\n\n## 🛠️ Technologies Used\n\n- **Backend**: PHP 7.4.33\n- **Database**: PostgreSQL 13.14\n- **Web Server**: Apache2\n- **Frontend**: HTML, CSS, Bootstrap, AJAX\n- **OS**: Debian 11 (bullseye)\n\n---\n\n**👨💻 Author**: Francesco D’Aprile  \n**🎓 Academic Year**: 2023/2024\n\nFull details are in the Italian documentation in `\\doc ita`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffraadap%2Fsql-injection-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffraadap%2Fsql-injection-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffraadap%2Fsql-injection-analysis/lists"}