worked on sql injection, added example page

2024-04-12 14:21:09 +00:00 · 2024-04-12 14:21:09 +00:00 · 0e2175a8fc
parent fad70625fd
commit 0e2175a8fc
16 changed files with 421 additions and 237 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 *.db
 .mypy_cache/
 __pycache__/
--- a/introduction-to-sql-injection/example/README.md
+++ b/introduction-to-sql-injection/example/README.md
@ -0,0 +1,30 @@
 # Example project of a website including an SQL injection 
 This implementation is meant to be used for training purposes.
 Do not use the code in production or development.
 ## Usage
 Use python poetry to install dependencies in the following way.
 ```sh
 poetry install
 ```
 If you want to install the dependencies manually use a venv in the following way.
 ```sh
 python3 -m venv venv
 source venv/bin/activate
 pip install flask
 ```
 Dependencies can be found inside the `./pyproject.toml` file.
 After installation has been done, start the flask server.
 ```sh
 poetry run python3 ./flask_sqli.py
 ```
 Now, the website is accessible at [localhost:5000](http://localhost:5000/)
--- a/introduction-to-sql-injection/example/create_db.py
+++ b/introduction-to-sql-injection/example/create_db.py
@ -1,32 +1,33 @@
 import sqlite3
-con = sqlite3.connect("secrets.db")
+con = sqlite3.connect("users.db")
 cur = con.cursor()
 cur.execute("DROP TABLE IF EXISTS users")
 cur.execute(
    """
-    CREATE TABLE user_data(
+    CREATE TABLE users(
        user_id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT, password TEXT, notes TEXT
-        );
+        )
    """
 )
 res = cur.execute(
    """
-    INSERT INTO user_data (username, password, notes)
+    INSERT INTO users (username, password, notes)
        VALUES (
-        'admin',
+            'admin',
-        's3cur3P455w0rd',
+            's3cur3P455w0rd',
-        'sqli{66d7724d872da91af56907aea0f6bfb8}'
+            'sqli{66d7724d872da91af56907aea0f6bfb8}'
        ),
        (
            'catweasle',
            'catweasle_h3xh3x',
            'sqli{f91f3b7d41a6a40070ce7112bebfaaab}'
        )
        ;
    """
 )
--- a/introduction-to-sql-injection/example/flask_sqli.py
+++ b/introduction-to-sql-injection/example/flask_sqli.py
@ -0,0 +1,43 @@
 from flask import Flask, request, render_template
 import sqlite3
 app = Flask(__name__)
 app.secret_key = 'secret_key'
 def db_connection():
    conn = sqlite3.connect('users.db')
    c = conn.cursor()
    return c
@app.route('/')
 def index():
    return render_template('login.html')
@app.route('/login', methods=['POST'])
 def login():
    username = request.form['username']
    password = request.form['password']
    # Vulnerable code with SQL injection vulnerability
    query = "SELECT * FROM users WHERE username='" + username + "' AND \
    password='" + password + "'"
    c = db_connection()
    c.execute(query)
    user = c.fetchone()
    try:
        if user:
            login_failed = False
            return render_template('profile.html')
        else:
            login_failed = True
            return render_template('login.html', login_failed=login_failed, error_message=user)
    except sqlite3.Error as e:
        flash(f"{e}")
        return render_template('login.html')
 if __name__ == '__main__':
    app.run(host='0.0.0.0', debug=True)
--- a/introduction-to-sql-injection/example/poetry.lock
+++ b/introduction-to-sql-injection/example/poetry.lock
@ -0,0 +1,178 @@
 # This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
 [[package]]
 name = "blinker"
 version = "1.7.0"
 description = "Fast, simple object-to-object and broadcast signaling"
 optional = false
 python-versions = ">=3.8"
 files = [
    {file = "blinker-1.7.0-py3-none-any.whl", hash = "sha256:c3f865d4d54db7abc53758a01601cf343fe55b84c1de4e3fa910e420b438d5b9"},
    {file = "blinker-1.7.0.tar.gz", hash = "sha256:e6820ff6fa4e4d1d8e2747c2283749c3f547e4fee112b98555cdcdae32996182"},
 ]
 [[package]]
 name = "click"
 version = "8.1.7"
 description = "Composable command line interface toolkit"
 optional = false
 python-versions = ">=3.7"
 files = [
    {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"},
    {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"},
 ]
 [package.dependencies]
 colorama = {version = "*", markers = "platform_system == \"Windows\""}
 [[package]]
 name = "colorama"
 version = "0.4.6"
 description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
 files = [
    {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
    {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]
 [[package]]
 name = "flask"
 version = "3.0.3"
 description = "A simple framework for building complex web applications."
 optional = false
 python-versions = ">=3.8"
 files = [
    {file = "flask-3.0.3-py3-none-any.whl", hash = "sha256:34e815dfaa43340d1d15a5c3a02b8476004037eb4840b34910c6e21679d288f3"},
    {file = "flask-3.0.3.tar.gz", hash = "sha256:ceb27b0af3823ea2737928a4d99d125a06175b8512c445cbd9a9ce200ef76842"},
 ]
 [package.dependencies]
 blinker = ">=1.6.2"
 click = ">=8.1.3"
 itsdangerous = ">=2.1.2"
 Jinja2 = ">=3.1.2"
 Werkzeug = ">=3.0.0"
 [package.extras]
 async = ["asgiref (>=3.2)"]
 dotenv = ["python-dotenv"]
 [[package]]
 name = "itsdangerous"
 version = "2.1.2"
 description = "Safely pass data to untrusted environments and back."
 optional = false
 python-versions = ">=3.7"
 files = [
    {file = "itsdangerous-2.1.2-py3-none-any.whl", hash = "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44"},
    {file = "itsdangerous-2.1.2.tar.gz", hash = "sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a"},
 ]
 [[package]]
 name = "jinja2"
 version = "3.1.3"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
    {file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"},
    {file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"},
 ]
 [package.dependencies]
 MarkupSafe = ">=2.0"
 [package.extras]
 i18n = ["Babel (>=2.7)"]
 [[package]]
 name = "markupsafe"
 version = "2.1.5"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.7"
 files = [
    {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-win32.whl", hash = "sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4"},
    {file = "MarkupSafe-2.1.5-cp310-cp310-win_amd64.whl", hash = "sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-win32.whl", hash = "sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906"},
    {file = "MarkupSafe-2.1.5-cp311-cp311-win_amd64.whl", hash = "sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-win32.whl", hash = "sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad"},
    {file = "MarkupSafe-2.1.5-cp312-cp312-win_amd64.whl", hash = "sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-win32.whl", hash = "sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371"},
    {file = "MarkupSafe-2.1.5-cp37-cp37m-win_amd64.whl", hash = "sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-win32.whl", hash = "sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff"},
    {file = "MarkupSafe-2.1.5-cp38-cp38-win_amd64.whl", hash = "sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-win32.whl", hash = "sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf"},
    {file = "MarkupSafe-2.1.5-cp39-cp39-win_amd64.whl", hash = "sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5"},
    {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"},
 ]
 [[package]]
 name = "werkzeug"
 version = "3.0.2"
 description = "The comprehensive WSGI web application library."
 optional = false
 python-versions = ">=3.8"
 files = [
    {file = "werkzeug-3.0.2-py3-none-any.whl", hash = "sha256:3aac3f5da756f93030740bc235d3e09449efcf65f2f55e3602e1d851b8f48795"},
    {file = "werkzeug-3.0.2.tar.gz", hash = "sha256:e39b645a6ac92822588e7b39a692e7828724ceae0b0d702ef96701f90e70128d"},
 ]
 [package.dependencies]
 MarkupSafe = ">=2.1.1"
 [package.extras]
 watchdog = ["watchdog (>=2.3)"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
 content-hash = "bd088dde30dfcf8fd3b70f5ef89b5a64561c2d092bc581de6bacf86c390470f6"
--- a/introduction-to-sql-injection/example/pyproject.toml
+++ b/introduction-to-sql-injection/example/pyproject.toml
@ -0,0 +1,16 @@
 [tool.poetry]
 name = "sql-injection-flask"
 version = "0.1.0"
 description = "A Flask implementation including an SQL injection."
 authors = ["whx <mail@stefan.works>"]
 readme = "README.md"
 package-mode = false
 [tool.poetry.dependencies]
 python = "^3.11"
 Flask = "^3.0.3"
 [build-system]
 requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
--- a/introduction-to-sql-injection/example/static/coffeeshop-logo.jpg
+++ b/introduction-to-sql-injection/example/static/coffeeshop-logo.jpg
--- a/introduction-to-sql-injection/example/static/hacker-cat.jpg
+++ b/introduction-to-sql-injection/example/static/hacker-cat.jpg
--- a/introduction-to-sql-injection/example/static/logo.svg
+++ b/introduction-to-sql-injection/example/static/logo.svg
@ -0,0 +1,4 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" width="100" height="100">
    <path fill="#3d3d3d" d="M50 0c27.574 0 50 22.426 50 50s-22.426 50-50 50S0 77.574 0 50 22.426 0 50 0zm0 8C29.043 8 12 25.043 12 46c0 10.481 4.141 20.017 10.886 27.012L50 92l27.114-18.988C83.859 66.017 88 56.481 88 46c0-20.957-17.043-38-38-38zm12 34c2.206 0 4-1.794 4-4s-1.794-4-4-4H38c-2.206 0-4 1.794-4 4s1.794 4 4 4h24z"/>
 </svg>
--- a/introduction-to-sql-injection/example/static/stylesheet.css
+++ b/introduction-to-sql-injection/example/static/stylesheet.css
@ -0,0 +1,52 @@
 /* Body */
 body {
    font-family: Arial, sans-serif; /* Arial as the first choice, followed by generic sans-serif */
    background-color: #f4f4f4; /* Light gray */
    margin: 0;
    padding: 0;
 }
 /* Login container */
 .login-container {
    background-color: #fff; /* White */
    padding: 20px;
    border-radius: 8px;
    box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
    width: 300px;
    margin: 50px auto; /* Center the container horizontally and add spacing from the top */
 }
 h2 {
    text-align: center;
    margin-bottom: 20px;
 }
 label {
    font-weight: bold;
 }
 input[type="text"],
 input[type="password"] {
    width: 100%;
    padding: 10px;
    margin-bottom: 20px;
    border: 1px solid #ccc;
    border-radius: 4px;
    box-sizing: border-box;
 }
 input[type="submit"] {
    width: 100%;
    padding: 10px;
    background-color: #007bff; /* Blue */
    color: #fff;
    border: none;
    border-radius: 4px;
    cursor: pointer;
    font-size: 16px;
 }
 input[type="submit"]:hover {
    background-color: #0056b3; /* Darker blue */
 }
--- a/introduction-to-sql-injection/example/templates/login.html
+++ b/introduction-to-sql-injection/example/templates/login.html
@ -0,0 +1,31 @@
 {% extends "template.html" %}
 {% block info %}
    <div class="login-container">
        <h2>Login</h2>
          {% with messages = get_flashed_messages(with_categories=True) %}
            {% if messages %}
              {% for category, message in messages %}
                <div class="alert alert-{{ category }}">
                    <h5>{{ message }}</h5>
                </div>
              {% endfor %}
            {% endif %}
          {% endwith %}
        {% if login_failed %}
            <div id="login-failed-msg" style="color: red; text-align: center;
                margin-bottom: 10px;">
                Login Failed
            </div>
        {% endif %}
        <form action="/login" method="post">
            <label for="username">Username:</label><br>
            <input type="text" id="username" name="username"><br>
            <label for="password">Password:</label><br>
            <input type="password" id="password" name="password"><br><br>
            <input type="submit" value="Login">
        </form>
    </div>
    {% if error_message %}
        {{ error_message }}
    {% endif %}
 {% endblock info %}
--- a/introduction-to-sql-injection/example/templates/profile.html
+++ b/introduction-to-sql-injection/example/templates/profile.html
@ -0,0 +1,7 @@
 {% extends "template.html" %}
 {% block info %}
 You made it, grab a coffee!
 <br></br>
 <img src="../static/hacker-cat.jpg" alt="Coffee Shop Logo" class="logo">
 {% endblock info %}
--- a/introduction-to-sql-injection/example/templates/template.html
+++ b/introduction-to-sql-injection/example/templates/template.html
@ -0,0 +1,33 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <!-- Basic Page Needs
   -->
  <meta charset="utf-8">
  {% if title %}
   <title>{{ title }}</title>
  {% endif %}
 <!-- Mobile Specific Metas
   -->
  <meta name="viewport" content="width=device-width, initial-scale=1 shrink-to-fit=no">
 <!-- FONT
  -->
  <!-- <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css"> -->
 <link rel="stylesheet" href="../static/stylesheet.css">
 <link rel="icon" type="image/jpg" href="../static/coffeeshop-logo.jpg">
 </head>
 <body>
 <!-- Primary Page Layout
   -->
 <div style="margin-top:5%; margin-left:5%">
 <div style="width:100%;">
  <div style="width: 80%; height: 100px; float: left;">
     {% block info %}
     {% endblock %}
  </div>
 </div>
 </div>
 <!-- End Document
   -->
 </body>
 </html>
--- a/introduction-to-sql-injection/images/exploits_of_a_mom.png
+++ b/introduction-to-sql-injection/images/exploits_of_a_mom.png
--- a/introduction-to-sql-injection/presentation.html
+++ b/introduction-to-sql-injection/presentation.html
@ -124,9 +124,9 @@ Next Presentation</li>
 <h3 id="number-1">Number 1</h3>
 <p>An SQL Query as a string embedded in other languages</p>
 <div class="sourceCode" id="cb1"><pre
-class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span> </span>
+class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
 <span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a>  cursor.execute(</span>
-<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a>    <span class="st">&quot;SELECT * FROM user_data where username = &#39;foo&#39; and password = &#39;s3cur3P4ssw0rd&quot;</span></span>
+<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a>    <span class="st">&quot;SELECT * FROM user_data where username = &#39;admin&#39; and password = &#39;s3cur3P4ssw0rd&#39;&quot;</span></span>
 <span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a>  )</span></code></pre></div>
 </section>
 <section class="slide level1">
@ -134,243 +134,24 @@ class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a hr
 <h3 id="number-2">Number 2</h3>
 <p>User input is possible as a part of said SQL query</p>
 <div class="sourceCode" id="cb2"><pre
-class="sourceCode python"><code class="sourceCode python"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span> cursor.execute(<span class="st">&quot;SELECT * FROM user_data where username = &#39;</span><span class="sc">%s</span><span class="st">&#39;&quot;</span> <span class="op">%</span> username)</span></code></pre></div>
+class="sourceCode python"><code class="sourceCode python"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
 <span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a>  cursor.execute(</span>
 <span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a>    <span class="st">&quot;SELECT * FROM user_data where username = &#39;</span><span class="sc">%s</span><span class="st">&#39; and password = &#39;</span><span class="sc">%s</span><span class="st">&#39;&quot;</span>,</span>
 <span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a>    <span class="op">%</span> (username, password)</span>
 <span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a>  )</span></code></pre></div>
 </section>
 <section class="slide level1">
 <h2 id="how-to-exploit-an-sql-injection">How to Exploit an SQL
 Injection</h2>
 <p>Work is a product of power by time.<br />
 <code>P</code> is your power to solve an issue.</p>
 <p><code>W = P x t</code></p>
 <p>The smarter you tackle work, the less time you need to solve an
 issue.</p>
 </section>
 <section class="slide level1">
 <h2 id="knowledge-is-a-map">Knowledge is a Map</h2>
 <p>You conventiently drive around the city using the underground. That’s
 how you get to know the main spots of the city.</p>
 <p><img src="./images/london_underground.jpg" alt="London Underground" width="50%" height="auto"></p>
 </section>
 <section class="slide level1">
 <h2 id="knowledge-is-a-map-1">Knowledge is a Map</h2>
 <p>Invest some time and explore deeper on foot. That’s how you get to
 know the back alleys.</p>
 <p><img src="./images/london_by_foot.jpg" alt="London by Foot" width="50%" height="auto"></p>
 </section>
 <section id="ghidra-an-overview" class="slide level1">
 <h1>Ghidra – an Overview</h1>
 </section>
 <section class="slide level1">
 <figure>
 <img data-src="./images/Ghidra-Overview.png"
 alt="Main View of Ghidra" />
 <figcaption aria-hidden="true">Main View of Ghidra</figcaption>
 </figure>
 </section>
 <section class="slide level1">
 <h2 id="watch-out-for-low-hanging-fruits">Watch Out for Low Hanging
 Fruits</h2>
 </section>
 <section class="slide level1">
 <ul>
-<li class="fragment">Data Segment</li>
+<li class="fragment">Close the string through an ending quote</li>
-<li class="fragment">Names of Functions</li>
+<li class="fragment">Continue the query with your own SQL code</li>
 <li class="fragment">Conditions &amp; Comparisons</li>
 <li class="fragment">Strings: Usernames, Passwords</li>
 <li class="fragment">URLs, IP &amp; Port Numbers</li>
 </ul>
 <p><strong>Do not try to understand the whole code at once, it will only
 drive you mad.</strong></p>
 </section>
 <section class="slide level1">
 <h3 id="data-segments">Data Segments</h3>
 <p><img src="./images/data-segments.png" alt="A look into the read only data segment" width="70%" height="auto"></p>
 <p>A look into the read only data segment</p>
 </section>
 <section class="slide level1">
 <h3 id="name-of-functions">Name of Functions</h3>
 <figure>
 <img data-src="./images/symbol-tree.png"
 alt="Functions contained in the binary a.k.a. Symbol Tree" />
 <figcaption aria-hidden="true">Functions contained in the binary a.k.a.
 Symbol Tree</figcaption>
 </figure>
 </section>
 <section class="slide level1">
 <h3 id="conditions-comparisions">Conditions &amp; Comparisions</h3>
 <p><img src="./images/decompiled-code.png" alt="Input is Compared to a Hard Coded String" width="50%" height="auto"></p>
 <p>Input is compared to a hard coded string</p>
 </section>
 <section class="slide level1">
 <h3 id="function-graph">Function Graph</h3>
 <p><img src="./images/function-graph.png" alt="Take a Look at the Flow Graph of Functions" width="50%" height="auto"></p>
 <p>Take a look at the flow graph of functions</p>
 </section>
 <section class="slide level1">
 <h3 id="strings">Strings</h3>
 <p><img src="./images/defined-strings-menu.png" alt="Open the Defined Strings Menu" width="50%" height="auto"></p>
 <p>Strings can not only be located in data but also in other code
 segments, sometimes obfuscated</p>
 </section>
 <section class="slide level1">
 <h3 id="strings-1">Strings</h3>
 <figure>
 <img data-src="./images/defined-strings.png" alt="An old friend" />
 <figcaption aria-hidden="true">An old friend</figcaption>
 </figure>
 </section>
 <section class="slide level1">
 <h3 id="binary-patching">Binary Patching</h3>
 <p>Bypass any undesireable condition via a <code>NOP</code>
 instruction.</p>
 <p><img src="./images/nop.jpg" alt="NOP, export your patched binary" width="30%" height="auto"></p>
 <p>NOP, export your patched binary</p>
 </section>
 <section class="slide level1">
 <h3 id="do-it-yourselves">Do It Yourselves!</h3>
 <ul>
 <li class="fragment"><a href="https://ghidra-sre.org/">Download
 Ghidra</a></li>
 <li class="fragment"><a href="https://crackmes.one">Download binaries at
 crackmes.one</a></li>
 <li class="fragment"><a href="https://hackthebox.eu">Find more binaries
 on hackthebox</a></li>
 <li class="fragment"><a href="https://tryhackme.com">Or Find even more
 on tryhackme</a></li>
 <li class="fragment">Download firmware of your favorite IoT
 appliances</li>
 </ul>
 </section>
 <section class="slide level1">
 <h2 id="a-word-on-binary-obfuscation">A Word On Binary Obfuscation</h2>
 <p>Software Obfuscation was born in 1984 at the <a
 href="https://ioccc.org/">International Obfuscated C Code
 Contest</a></p>
 <p><img src="./images/donut.gif" alt="A donut as code compiles to a spinning donut by Jim Hague" width="50%" height="auto"></p>
 </section>
 <section class="slide level1">
 <h3 id="what-exactly-might-be-obfuscated-in-your-code">What Exactly
 might be Obfuscated in Your Code?</h3>
 <section>
 <a
 href="https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-020-00049-3.pdf">Layered
 obfuscation: a taxonomy of software obfuscation techniques for layered
 security by Hui Xu et. al</a>
 </section>
 <section>
 <ul>
 <li class="fragment">Code Element Layers
 <ul>
 <li class="fragment">Layout</li>
 <li class="fragment">Controls</li>
 <li class="fragment">Data</li>
 <li class="fragment">Methods</li>
 <li class="fragment">Classes</li>
 </ul></li>
 </ul>
 </section>
 <section>
 <ul>
 <li class="fragment">Component
 <ul>
 <li class="fragment">Library Calls</li>
 <li class="fragment">Used Resources</li>
 </ul></li>
 <li class="fragment">Application Layer
 <ul>
 <li class="fragment">DRM System</li>
 <li class="fragment">Neural Networks</li>
 </ul></li>
 </ul>
 </section>
 </section>
 <section class="slide level1">
 <h2 id="techniques-of-obfuscation">Techniques of Obfuscation</h2>
 </section>
 <section class="slide level1">
 <h3 id="splitting-merging-of-strings">Splitting &amp; Merging of
 Strings</h3>
 <div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="ex">a</span> = <span class="st">&quot;BABE&quot;</span></span>
 <span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="ex">b</span> = <span class="st">&quot;CAFFEE&quot;</span></span>
 <span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="ex">f</span><span class="st">&quot;{b}{a}&quot;</span></span></code></pre></div>
 <p><a href="https://github.com/mandiant/flare-floss/">String
 Deobfuscation with FLOSS</a></p>
 </section>
 <section class="slide level1">
 <h2 id="packing">Packing</h2>
 <p>Compress binary data</p>
 <div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a>            <span class="ex">ooooo</span>     ooo  ooooooooo.  ooooooo  ooooo</span>
 <span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a>            <span class="kw">`</span><span class="ex">888</span><span class="st">&#39;     `8&#39;</span>  <span class="kw">`</span>888   <span class="kw">`</span><span class="ex">Y88.</span> <span class="kw">`</span>8888    d8<span class="st">&#39;</span></span>
 <span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a><span class="st">             888       8    888   .d88&#39;</span>   Y888..8P</span>
 <span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a>             <span class="ex">888</span>       8    888ooo88P<span class="st">&#39;     `8888&#39;</span></span>
 <span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a>             <span class="ex">888</span>       8    888           .8PY888.</span>
 <span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a>             <span class="kw">`</span><span class="ex">88.</span>    .8<span class="st">&#39;    888          d8&#39;</span>  <span class="kw">`</span>888b</span>
 <span id="cb4-7"><a href="#cb4-7" aria-hidden="true" tabindex="-1"></a>               <span class="kw">`</span><span class="ex">YbodP</span><span class="st">&#39;     o888o       o888o  o88888o</span></span></code></pre></div>
 <p><a href="https://upx.github.io/">UPX Packer/Unpacker</a></p>
 </section>
 <section class="slide level1">
 <h2 id="mangling">Mangling</h2>
 Library symbols in compiled code for data that have the same name
 <section>
 <pre><code data-trim data-noescape>
 c++filt
 _ZNSt7__cxx1114collate_bynameIcEC2ERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEm
 std::__cxx11::collate_byname<char>::collate_byname(std::__cxx11::basic_string<char,
 std::char_traits<char>, std::allocator<char> > const&, unsigned long)
 </code></pre>
 </section>
 <section>
 <a href="https://demangler.io/" alt="demangler">Online Demangler</a>
 </section>
 </section>
 <section class="slide level1">
 <h2 id="code-elements">Code Elements</h2>
 <ul>
 <li class="fragment">Adding Unnecessary Instructions</li>
 <li class="fragment">Changing Control Flows</li>
 <li class="fragment">Protecting Data</li>
 </ul>
 <p><img src="./images/spaghetti.jpg" alt="Convoluted Code" width="26%" height="auto%"></p>
 </section>
 <section class="slide level1">
 <h3 id="deobfuscation-tools">Deobfuscation Tools</h3>
 <ul>
 <li class="fragment">DotNet
 <ul>
 <li class="fragment"><a href="https://github.com/de4dot/de4dot">de4dot
 Deobfuscator and Unpacker</a></li>
 <li class="fragment"><a href="https://github.com/dnSpy/dnSpy">dnSpy
 Debugger and Assembly Editor</a></li>
 <li class="fragment"><a
 href="https://github.com/icsharpcode/ILSpy">ILSpy Decompiler instead of
 Ghidra</a></li>
 </ul></li>
 </ul>
 </section>
 <section id="the-end" class="slide level1">
 <h1>The End</h1>
 <p><img src="./images/exploits_of_a_mom.png" alt="Convoluted Code" width="50%" height="auto%"></p>
 </section>
    </div>
  </div>
--- a/introduction-to-sql-injection/sql_injection.md
+++ b/introduction-to-sql-injection/sql_injection.md
@ -47,6 +47,11 @@ sql_query =
 ## How to Exploit an SQL Injection
 * Close the string through an ending quote
 * Continue the query with your own SQL code
 ---
 # The End
 <img src="./images/exploits_of_a_mom.png" alt="Convoluted Code" width="50%" height="auto%">