Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rayhan0x01/nodejs-websocket-sqli
A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/rayhan0x01/nodejs-websocket-sqli
- Owner: rayhan0x01
- Created: 2021-04-02T10:40:35.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-04-02T10:42:52.000Z (over 3 years ago)
- Last Synced: 2024-05-20T12:35:04.917Z (6 months ago)
- Language: JavaScript
- Size: 70.3 KB
- Stars: 69
- Watchers: 1
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - rayhan0x01/nodejs-websocket-sqli - A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection (JavaScript)
README
# NodeJS WebSocket SQLi vulnerable WebApp
A one-day build of a vulnerable WebSocket app on NodeJS to practice boolean-based SQLi over WebSocket.
I made this for others to learn and automate SQLi over WebSocket. Additionally, an input box is added to the homepage to quickly test out a query. Here are some exercises for practice:
* Try dumping some data from the DB through the input box on the homepage.
* Build a script to automate dumping data via boolean-based blind SQLi over WebSocket.
* Build a script to automate dumping data via time-based blind SQLi over WebSocket.
* Build a middleware HTTP server script to relay SQLMap payloads to WebSocket.

Check my blog post where I have shared the last exercise here: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html
## Run
1. Run: `docker-compose up`
2. Visit: http://localhost:8156/

## ScreenShots
![](screenshots/1.png#center)
![](screenshots/2.png#center)