{"id":18708581,"url":"https://github.com/va1da5/sqli-sandbox","last_synced_at":"2026-04-14T15:32:18.170Z","repository":{"id":106645960,"uuid":"332059819","full_name":"va1da5/sqli-sandbox","owner":"va1da5","description":"SQL injection sandbox","archived":false,"fork":false,"pushed_at":"2021-02-16T13:27:42.000Z","size":21,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-19T07:35:18.897Z","etag":null,"topics":["flask","mariadb","postgres","sqli","sqlinjection"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/va1da5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-22T20:51:46.000Z","updated_at":"2021-02-16T13:27:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"128d5045-5d2c-4f50-8595-38ffb45098ce","html_url":"https://github.com/va1da5/sqli-sandbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/va1da5/sqli-sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fsqli-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fsqli-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fsqli-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fsqli-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/va1da5","download_url":"https://codeload.github.com/va1da5/sqli-sandbox/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fsqli-sandbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31803258,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-14T11:13:53.975Z","status":"ssl_error","status_checked_at":"2026-04-14T11:13:53.299Z","response_time":153,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flask","mariadb","postgres","sqli","sqlinjection"],"created_at":"2024-11-07T12:24:03.290Z","updated_at":"2026-04-14T15:32:18.149Z","avatar_url":"https://github.com/va1da5.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SQL Injection Sandbox\n\nThe project contains a minimal [FastAPI](https://fastapi.tiangolo.com/) based web server with database backend. The server **intentionally** include SQL injection vulnerabilities. _docker-compose.yml_ includes _MariaDB_ and _Postgres_ databases that can be used with the web server.\n\nThe idea behind the server is to have a quick sandbox for testing manual SQLi payloads when usage of _sqlmap_ is not an option (_like during OSWE/OSCP exams_).\n\n## Getting Started\n\n- Download missing container images.\n\n  ```bash\n  docker-compose pull\n  ```\n\n- Set database to be used in [docker-compose.yml](docker-compose.yml) container orchestration file. Comment/uncomment database URL variable in web server environment variables section.\n\n- Build web server container image.\n\n  ```bash\n  docker-compose build\n  ```\n\n- Launch containers. The server will start with inbuilt _Debug_ functionality turned on. Local source code is going to be mapped to the running container. This means that any changes made locally will get included into the running server.\n\n  ```bash\n  docker-compose up -d\n  ```\n\n- Review [app/api/endpoints/user.py](app/api/endpoints/user.py) for available routes and functionality. The API comes with [OpenAPI (Swagger)](https://swagger.io/specification/) definition available under [http://127.0.0.1:8000/docs](http://127.0.0.1:8000/docs).\n\n## References\n\n- [From SQL Injection to Shell: PostgreSQL edition](https://pentesterlab.com/exercises/from_sqli_to_shell_pg_edition/course)\n- [PayloadsAllTheThings/SQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fsqli-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fva1da5%2Fsqli-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fsqli-sandbox/lists"}