{"id":17480268,"url":"https://github.com/integeralex/sql-injection-demo","last_synced_at":"2025-06-25T18:33:21.098Z","repository":{"id":237743625,"uuid":"795162158","full_name":"IntegerAlex/sql-injection-demo","owner":"IntegerAlex","description":"This project is a demonstration of a SQL injection vulnerability in a Node.js application using Express.js and PostgreSQL. It showcases how an attacker can exploit such vulnerabilities to execute arbitrary SQL queries and potentially gain unauthorized access to sensitive data in the database. ","archived":false,"fork":false,"pushed_at":"2024-05-02T18:07:26.000Z","size":22,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-25T19:49:22.610Z","etag":null,"topics":["demo","docker","nodejs","postgresql","sqlinject","sqlinjection"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IntegerAlex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-02T17:47:06.000Z","updated_at":"2024-05-02T19:25:12.000Z","dependencies_parsed_at":"2024-05-03T04:32:54.333Z","dependency_job_id":"89abca92-35d7-4fd4-8591-e33e38e73d6b","html_url":"https://github.com/IntegerAlex/sql-injection-demo","commit_stats":null,"previous_names":["integeralex/sql-injection-demo"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IntegerAlex%2Fsql-injection-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/IntegerAlex%2Fsql-injection-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IntegerAlex%2Fsql-injection-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IntegerAlex%2Fsql-injection-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IntegerAlex","download_url":"https://codeload.github.com/IntegerAlex/sql-injection-demo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246034276,"owners_count":20712851,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["demo","docker","nodejs","postgresql","sqlinject","sqlinjection"],"created_at":"2024-10-18T21:43:13.296Z","updated_at":"2025-03-28T12:43:56.413Z","avatar_url":"https://github.com/IntegerAlex.png","language":"JavaScript","readme":"# SQL Injection Demo with Express.js and PostgreSQL\n\nThis repository contains a simple Node.js application built with Express.js that demonstrates how SQL injection vulnerabilities can be exploited when interacting with a PostgreSQL database.\n\n## Prerequisites\n\nBefore running the application, ensure that you have the following installed:\n\n- Node.js and npm\n- Docker (for running PostgreSQL in a container)\n\n## Setting Up the Application\n\n### Clone this repository to your local machine\n\n`git clone https://github.com/IntegerAlex/sql-injection-demo`\n\nNavigate to the project directory:\n\n`cd project_directory`\nInstall dependencies:\n\n`npm install`\n\n## PostgreSQL Docker Container\n\nTo run the 
application, you'll need a PostgreSQL database. You can use Docker to quickly spin up a PostgreSQL container:\n\n`docker run --name my-postgres -e POSTGRES_PASSWORD=mysecretpassword -p 5432:5432 -d postgres`\n\n### Running the Application\n\nOnce the PostgreSQL container is running, you can start the Node.js application:\n\nTo initialize the database, run the following command:\n`npm run db`\n\nTo start the application, run:\n`npm run dev`\n\nThe application will start listening on port 3000 by default.\n\n## SQL Injection Demo\n\nThe application includes a vulnerable endpoint (/products) that is susceptible to SQL injection. You can perform a SQL injection attack by sending a POST request with malicious input.\n\nHere's an example of a SQL injection payload to retrieve all products from the database:\n\n```sql\n' UNION SELECT ProductID, ProductName, Description, Price, StockQuantity FROM Products; --\n```\n\nYou can use tools like curl, Postman, or any HTTP client to send the malicious request to the /products endpoint and observe the results.\n\n## Disclaimer\n\nThis application is for educational purposes only. SQL injection vulnerabilities can have severe consequences if exploited in a real-world application. Always sanitize and validate user input, use parameterized queries, and implement proper access controls to prevent SQL injection attacks in production environments.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintegeralex%2Fsql-injection-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fintegeralex%2Fsql-injection-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintegeralex%2Fsql-injection-demo/lists"}