
https://github.com/entr0pie/things-things

A SQL Injection vulnerable server. Easy setup, minimal code. For educational purposes.

bootstrap5 education educational express sqlinjection sqlite3


# Things&Things

Things&Things is a SQL Injection vulnerable web server designed to demonstrate and educate about the classic SQL Injection vulnerability.

![Things&Things initial page](assets/index.png)

## Installation

To install and run Things&Things, follow these steps:

1. Clone the repository:

```
git clone https://github.com/entr0pie/Things-Things/
```

2. Navigate to the project directory:

```
cd Things-Things
```

3. Install the dependencies:

```
npm install
```

4. Start the web server:

```
node index.js
```

5. Access [`http://localhost:5000`](http://localhost:5000/).

## How do I exploit this application?

First, try doing some manual exploration (without sqlmap). This will help you to understand the basics of how SQL Injection works.

How to get started:

1. Make sure you have followed the installation instructions mentioned in the README file.

2. Once the app is running, you can start exploring different functionalities and input fields.

3. Experiment with various SQL injection techniques to manipulate the application's behavior and access unintended data.

4. If you're looking for hints or guidance, check this [paper](https://www.exploit-db.com/docs/english/41397-injecting-sqlite-database-based-applications.pdf). If you want to see how to exploit this app step by step, see the `secret/README.md` file.

Remember, the purpose of this app is to understand the risks associated with SQL Injection and how to prevent it. Always use this knowledge responsibly and respect the security of others' systems.

Happy Hacking!

## License

The Things&Things project is licensed under the [MIT License](https://opensource.org/licenses/MIT).