Worked on the SQL injection slides; added an example vulnerable Flask page

This commit is contained in:
Stefan Friese 2024-04-12 14:21:09 +00:00
parent fad70625fd
commit 0e2175a8fc
16 changed files with 421 additions and 237 deletions

3
.gitignore vendored Normal file

@ -0,0 +1,3 @@
*.db
.mypy_cache/
__pycache__/


@ -0,0 +1,30 @@
# Example project of a website including an SQL injection
This implementation is meant to be used for training purposes.
Do not use the code in production or development.
## Usage
Use python poetry to install dependencies in the following way.
```sh
poetry install
```
If you want to install the dependencies manually use a venv in the following way.
```sh
python3 -m venv venv
source venv/bin/activate
pip install flask
```
Dependencies can be found inside the `./pyproject.toml` file.
After installation has been done, start the flask server.
```sh
poetry run python3 ./flask_sqli.py
```
Now, the website is accessible at [localhost:5000](http://localhost:5000/)


@ -1,21 +1,23 @@
import sqlite3
con = sqlite3.connect("secrets.db")
con = sqlite3.connect("users.db")
cur = con.cursor()
cur.execute("DROP TABLE IF EXISTS users")
cur.execute(
"""
CREATE TABLE user_data(
CREATE TABLE users(
user_id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT, password TEXT, notes TEXT
);
)
"""
)
res = cur.execute(
"""
INSERT INTO user_data (username, password, notes)
INSERT INTO users (username, password, notes)
VALUES (
'admin',
's3cur3P455w0rd',
@ -26,7 +28,6 @@ res = cur.execute(
'catweasle_h3xh3x',
'sqli{f91f3b7d41a6a40070ce7112bebfaaab}'
)
;
"""
)
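Review bot: The hunk ends on the last `cur.execute(...)` with no `con.commit()` in sight; Python's sqlite3 module opens an implicit transaction before an INSERT, so if the rest of the file never commits, `users.db` ends up with an empty `users` table and the login in the Flask app can never succeed. If the file continues past this hunk with `con.commit()` and `con.close()`, ignore this; otherwise append them after the final execute. The statement run also continues outside the hunk (new lines 24–27 are not shown), and the `res =` assignment on the INSERT is never read and can be dropped. Plaintext passwords and the flag in `notes` are the point of the exercise, but a one-line comment such as `# plaintext on purpose: this DB is the SQLi training target` would stop a well-meaning maintainer from "fixing" it.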


@ -0,0 +1,43 @@
from flask import Flask, request, render_template
import sqlite3
app = Flask(__name__)
app.secret_key = 'secret_key'
def db_connection():
conn = sqlite3.connect('users.db')
c = conn.cursor()
return c
@app.route('/')
def index():
return render_template('login.html')
@app.route('/login', methods=['POST'])
def login():
username = request.form['username']
password = request.form['password']
# Vulnerable code with SQL injection vulnerability
query = "SELECT * FROM users WHERE username='" + username + "' AND \
password='" + password + "'"
c = db_connection()
c.execute(query)
user = c.fetchone()
try:
if user:
login_failed = False
return render_template('profile.html')
else:
login_failed = True
return render_template('login.html', login_failed=login_failed, error_message=user)
except sqlite3.Error as e:
flash(f"{e}")
return render_template('login.html')
if __name__ == '__main__':
app.run(host='0.0.0.0', debug=True)
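Review bot: `flash` is called in the `except` branch as `flash(f"{e}")` but is never imported (`from flask import Flask, request, render_template`), so the one code path meant to handle a database error dies with a NameError instead. The `try` also begins after `c.execute(query)` and `c.fetchone()`, so any sqlite3.Error raised by malformed input (a lone `'` in the username is enough) never reaches the handler at all; with `debug=True` on `host='0.0.0.0'` it lands in the Werkzeug interactive debugger — a PIN-gated Python console — exposed to anyone who can reach port 5000, regardless of the README's warning. Keep the string-built query, it is the training target, but import `flash`, move the execute into the `try`, close the per-request connection, and bind the dev server to loopback with the debugger off; the unused `login_failed` flag and the `error_message=user` argument (always `None` on that branch) can go. Proposed rewrite of `login()` and the entry point:
```python
from flask import Flask, request, render_template, flash
# … unchanged: app setup, db_connection(), index() …

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    # Intentionally vulnerable: user input is concatenated into the SQL string.
    query = "SELECT * FROM users WHERE username='" + username + "' AND \
password='" + password + "'"
    c = db_connection()
    try:
        c.execute(query)
        user = c.fetchone()
    except sqlite3.Error as e:
        # Surfacing the DB error is deliberate (error-based injection practice).
        flash(f"{e}")
        return render_template('login.html')
    finally:
        c.connection.close()
    if user:
        return render_template('profile.html')
    return render_template('login.html', login_failed=True)

if __name__ == '__main__':
    # The Werkzeug debugger is a remote Python console; keep it off the network.
    app.run(host='127.0.0.1', debug=False)
```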


@ -0,0 +1,178 @@
# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
[[package]]
name = "blinker"
version = "1.7.0"
description = "Fast, simple object-to-object and broadcast signaling"
optional = false
python-versions = ">=3.8"
files = [
{file = "blinker-1.7.0-py3-none-any.whl", hash = "sha256:c3f865d4d54db7abc53758a01601cf343fe55b84c1de4e3fa910e420b438d5b9"},
{file = "blinker-1.7.0.tar.gz", hash = "sha256:e6820ff6fa4e4d1d8e2747c2283749c3f547e4fee112b98555cdcdae32996182"},
]
[[package]]
name = "click"
version = "8.1.7"
description = "Composable command line interface toolkit"
optional = false
python-versions = ">=3.7"
files = [
{file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"},
{file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"},
]
[package.dependencies]
colorama = {version = "*", markers = "platform_system == \"Windows\""}
[[package]]
name = "colorama"
version = "0.4.6"
description = "Cross-platform colored terminal text."
optional = false
python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
files = [
{file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
{file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
]
[[package]]
name = "flask"
version = "3.0.3"
description = "A simple framework for building complex web applications."
optional = false
python-versions = ">=3.8"
files = [
{file = "flask-3.0.3-py3-none-any.whl", hash = "sha256:34e815dfaa43340d1d15a5c3a02b8476004037eb4840b34910c6e21679d288f3"},
{file = "flask-3.0.3.tar.gz", hash = "sha256:ceb27b0af3823ea2737928a4d99d125a06175b8512c445cbd9a9ce200ef76842"},
]
[package.dependencies]
blinker = ">=1.6.2"
click = ">=8.1.3"
itsdangerous = ">=2.1.2"
Jinja2 = ">=3.1.2"
Werkzeug = ">=3.0.0"
[package.extras]
async = ["asgiref (>=3.2)"]
dotenv = ["python-dotenv"]
[[package]]
name = "itsdangerous"
version = "2.1.2"
description = "Safely pass data to untrusted environments and back."
optional = false
python-versions = ">=3.7"
files = [
{file = "itsdangerous-2.1.2-py3-none-any.whl", hash = "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44"},
{file = "itsdangerous-2.1.2.tar.gz", hash = "sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a"},
]
[[package]]
name = "jinja2"
version = "3.1.3"
description = "A very fast and expressive template engine."
optional = false
python-versions = ">=3.7"
files = [
{file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"},
{file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"},
]
[package.dependencies]
MarkupSafe = ">=2.0"
[package.extras]
i18n = ["Babel (>=2.7)"]
[[package]]
name = "markupsafe"
version = "2.1.5"
description = "Safely add untrusted strings to HTML/XML markup."
optional = false
python-versions = ">=3.7"
files = [
{file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"},
{file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"},
{file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46"},
{file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f"},
{file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900"},
{file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff"},
{file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad"},
{file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd"},
{file = "MarkupSafe-2.1.5-cp310-cp310-win32.whl", hash = "sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4"},
{file = "MarkupSafe-2.1.5-cp310-cp310-win_amd64.whl", hash = "sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5"},
{file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f"},
{file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2"},
{file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced"},
{file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5"},
{file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c"},
{file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f"},
{file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a"},
{file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f"},
{file = "MarkupSafe-2.1.5-cp311-cp311-win32.whl", hash = "sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906"},
{file = "MarkupSafe-2.1.5-cp311-cp311-win_amd64.whl", hash = "sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617"},
{file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1"},
{file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4"},
{file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee"},
{file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5"},
{file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b"},
{file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a"},
{file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f"},
{file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169"},
{file = "MarkupSafe-2.1.5-cp312-cp312-win32.whl", hash = "sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad"},
{file = "MarkupSafe-2.1.5-cp312-cp312-win_amd64.whl", hash = "sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-win32.whl", hash = "sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371"},
{file = "MarkupSafe-2.1.5-cp37-cp37m-win_amd64.whl", hash = "sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2"},
{file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a"},
{file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46"},
{file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532"},
{file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab"},
{file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68"},
{file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0"},
{file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4"},
{file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3"},
{file = "MarkupSafe-2.1.5-cp38-cp38-win32.whl", hash = "sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff"},
{file = "MarkupSafe-2.1.5-cp38-cp38-win_amd64.whl", hash = "sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029"},
{file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf"},
{file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2"},
{file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8"},
{file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3"},
{file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465"},
{file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e"},
{file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea"},
{file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6"},
{file = "MarkupSafe-2.1.5-cp39-cp39-win32.whl", hash = "sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf"},
{file = "MarkupSafe-2.1.5-cp39-cp39-win_amd64.whl", hash = "sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5"},
{file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"},
]
[[package]]
name = "werkzeug"
version = "3.0.2"
description = "The comprehensive WSGI web application library."
optional = false
python-versions = ">=3.8"
files = [
{file = "werkzeug-3.0.2-py3-none-any.whl", hash = "sha256:3aac3f5da756f93030740bc235d3e09449efcf65f2f55e3602e1d851b8f48795"},
{file = "werkzeug-3.0.2.tar.gz", hash = "sha256:e39b645a6ac92822588e7b39a692e7828724ceae0b0d702ef96701f90e70128d"},
]
[package.dependencies]
MarkupSafe = ">=2.1.1"
[package.extras]
watchdog = ["watchdog (>=2.3)"]
[metadata]
lock-version = "2.0"
python-versions = "^3.11"
content-hash = "bd088dde30dfcf8fd3b70f5ef89b5a64561c2d092bc581de6bacf86c390470f6"


@ -0,0 +1,16 @@
[tool.poetry]
name = "sql-injection-flask"
version = "0.1.0"
description = "A Flask implementation including an SQL injection."
authors = ["whx <mail@stefan.works>"]
readme = "README.md"
package-mode = false
[tool.poetry.dependencies]
python = "^3.11"
Flask = "^3.0.3"
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

Binary file not shown.



Binary file not shown.




@ -0,0 +1,4 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" width="100" height="100">
<path fill="#3d3d3d" d="M50 0c27.574 0 50 22.426 50 50s-22.426 50-50 50S0 77.574 0 50 22.426 0 50 0zm0 8C29.043 8 12 25.043 12 46c0 10.481 4.141 20.017 10.886 27.012L50 92l27.114-18.988C83.859 66.017 88 56.481 88 46c0-20.957-17.043-38-38-38zm12 34c2.206 0 4-1.794 4-4s-1.794-4-4-4H38c-2.206 0-4 1.794-4 4s1.794 4 4 4h24z"/>
</svg>




@ -0,0 +1,52 @@
/* Body */
body {
font-family: Arial, sans-serif; /* Arial as the first choice, followed by generic sans-serif */
background-color: #f4f4f4; /* Light gray */
margin: 0;
padding: 0;
}
/* Login container */
.login-container {
background-color: #fff; /* White */
padding: 20px;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
width: 300px;
margin: 50px auto; /* Center the container horizontally and add spacing from the top */
}
h2 {
text-align: center;
margin-bottom: 20px;
}
label {
font-weight: bold;
}
input[type="text"],
input[type="password"] {
width: 100%;
padding: 10px;
margin-bottom: 20px;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
input[type="submit"] {
width: 100%;
padding: 10px;
background-color: #007bff; /* Blue */
color: #fff;
border: none;
border-radius: 4px;
cursor: pointer;
font-size: 16px;
}
input[type="submit"]:hover {
background-color: #0056b3; /* Darker blue */
}


@ -0,0 +1,31 @@
{% extends "template.html" %}
{% block info %}
<div class="login-container">
<h2>Login</h2>
{% with messages = get_flashed_messages(with_categories=True) %}
{% if messages %}
{% for category, message in messages %}
<div class="alert alert-{{ category }}">
<h5>{{ message }}</h5>
</div>
{% endfor %}
{% endif %}
{% endwith %}
{% if login_failed %}
<div id="login-failed-msg" style="color: red; text-align: center;
margin-bottom: 10px;">
Login Failed
</div>
{% endif %}
<form action="/login" method="post">
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password"><br><br>
<input type="submit" value="Login">
</form>
</div>
{% if error_message %}
{{ error_message }}
{% endif %}
{% endblock info %}
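Review bot: The `{% if error_message %}{{ error_message }}{% endif %}` block at the end of the template can never render with the current view: `login()` passes `error_message=user`, and on the branch that reaches this template `user` is `None`. If the intent is to show the database error for error-based injection practice, pass the exception text instead, e.g. `render_template('login.html', error_message=str(e))` in the `except` branch; Flask autoescapes `.html` templates, so echoing the attacker-influenced message here is not an XSS vector. The form carries no CSRF token, which is fine for a deliberately vulnerable demo but deserves a comment so it is not copied as a pattern.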


@ -0,0 +1,7 @@
{% extends "template.html" %}
{% block info %}
You made it, grab a coffee!
<br></br>
<img src="../static/hacker-cat.jpg" alt="Coffee Shop Logo" class="logo">
{% endblock info %}
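Review bot: `<br></br>` is not valid HTML — `br` is a void element and browsers treat the stray `</br>` as a second `<br>`; write a single `<br>`. The image path `../static/hacker-cat.jpg` only resolves because `/login` happens to be one level deep; `{{ url_for('static', filename='hacker-cat.jpg') }}` works from any route, and the `alt="Coffee Shop Logo"` text does not describe the picture.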


@ -0,0 +1,33 @@
<!DOCTYPE html>
<html lang="en">
<head>
<!-- Basic Page Needs
-->
<meta charset="utf-8">
{% if title %}
<title>{{ title }}</title>
{% endif %}
<!-- Mobile Specific Metas
-->
<meta name="viewport" content="width=device-width, initial-scale=1 shrink-to-fit=no">
<!-- FONT
-->
<!-- <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css"> -->
<link rel="stylesheet" href="../static/stylesheet.css">
<link rel="icon" type="image/jpg" href="../static/coffeeshop-logo.jpg">
</head>
<body>
<!-- Primary Page Layout
-->
<div style="margin-top:5%; margin-left:5%">
<div style="width:100%;">
<div style="width: 80%; height: 100px; float: left;">
{% block info %}
{% endblock %}
</div>
</div>
</div>
<!-- End Document
-->
</body>
</html>
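Review bot: The viewport meta `content="width=device-width, initial-scale=1 shrink-to-fit=no"` is missing the comma between `initial-scale=1` and `shrink-to-fit=no`, so the second directive is not parsed; it should read `content="width=device-width, initial-scale=1, shrink-to-fit=no"`. The stylesheet and favicon use relative `../static/...` paths, which resolve differently from `/` and `/login` and break under a URL prefix; `{{ url_for('static', filename='stylesheet.css') }}` is the Flask idiom. The favicon is declared `type="image/jpg"`, while the registered MIME type is `image/jpeg`.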

Binary file not shown.




@ -124,9 +124,9 @@ Next Presentation</li>
<h3 id="number-1">Number 1</h3>
<p>An SQL Query as a string embedded in other languages</p>
<div class="sourceCode" id="cb1"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span> </span>
class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a> cursor.execute(</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;SELECT * FROM user_data where username = &#39;foo&#39; and password = &#39;s3cur3P4ssw0rd&quot;</span></span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;SELECT * FROM user_data where username = &#39;admin&#39; and password = &#39;s3cur3P4ssw0rd&#39;&quot;</span></span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a> )</span></code></pre></div>
</section>
<section class="slide level1">
@ -134,243 +134,24 @@ class="sourceCode python"><code class="sourceCode python"><span id="cb1-1"><a hr
<h3 id="number-2">Number 2</h3>
<p>User input is possible as a part of said SQL query</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span> cursor.execute(<span class="st">&quot;SELECT * FROM user_data where username = &#39;</span><span class="sc">%s</span><span class="st">&#39;&quot;</span> <span class="op">%</span> username)</span></code></pre></div>
class="sourceCode python"><code class="sourceCode python"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>sql_query <span class="op">=</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a> cursor.execute(</span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;SELECT * FROM user_data where username = &#39;</span><span class="sc">%s</span><span class="st">&#39; and password = &#39;</span><span class="sc">%s</span><span class="st">&#39;&quot;</span>,</span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a> <span class="op">%</span> (username, password)</span>
<span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a> )</span></code></pre></div>
</section>
<section class="slide level1">
<h2 id="how-to-exploit-an-sql-injection">How to Exploit an SQL
Injection</h2>
<p>Work is a product of power by time.<br />
<code>P</code> is your power to solve an issue.</p>
<p><code>W = P x t</code></p>
<p>The smarter you tackle work, the less time you need to solve an
issue.</p>
</section>
<section class="slide level1">
<h2 id="knowledge-is-a-map">Knowledge is a Map</h2>
<p>You conventiently drive around the city using the underground. Thats
how you get to know the main spots of the city.</p>
<p><img src="./images/london_underground.jpg" alt="London Underground" width="50%" height="auto"></p>
</section>
<section class="slide level1">
<h2 id="knowledge-is-a-map-1">Knowledge is a Map</h2>
<p>Invest some time and explore deeper on foot. Thats how you get to
know the back alleys.</p>
<p><img src="./images/london_by_foot.jpg" alt="London by Foot" width="50%" height="auto"></p>
</section>
<section id="ghidra-an-overview" class="slide level1">
<h1>Ghidra an Overview</h1>
</section>
<section class="slide level1">
<figure>
<img data-src="./images/Ghidra-Overview.png"
alt="Main View of Ghidra" />
<figcaption aria-hidden="true">Main View of Ghidra</figcaption>
</figure>
</section>
<section class="slide level1">
<h2 id="watch-out-for-low-hanging-fruits">Watch Out for Low Hanging
Fruits</h2>
</section>
<section class="slide level1">
<ul>
<li class="fragment">Data Segment</li>
<li class="fragment">Names of Functions</li>
<li class="fragment">Conditions &amp; Comparisons</li>
<li class="fragment">Strings: Usernames, Passwords</li>
<li class="fragment">URLs, IP &amp; Port Numbers</li>
</ul>
<p><strong>Do not try to understand the whole code at once, it will only
drive you mad.</strong></p>
</section>
<section class="slide level1">
<h3 id="data-segments">Data Segments</h3>
<p><img src="./images/data-segments.png" alt="A look into the read only data segment" width="70%" height="auto"></p>
<p>A look into the read only data segment</p>
</section>
<section class="slide level1">
<h3 id="name-of-functions">Name of Functions</h3>
<figure>
<img data-src="./images/symbol-tree.png"
alt="Functions contained in the binary a.k.a. Symbol Tree" />
<figcaption aria-hidden="true">Functions contained in the binary a.k.a.
Symbol Tree</figcaption>
</figure>
</section>
<section class="slide level1">
<h3 id="conditions-comparisions">Conditions &amp; Comparisions</h3>
<p><img src="./images/decompiled-code.png" alt="Input is Compared to a Hard Coded String" width="50%" height="auto"></p>
<p>Input is compared to a hard coded string</p>
</section>
<section class="slide level1">
<h3 id="function-graph">Function Graph</h3>
<p><img src="./images/function-graph.png" alt="Take a Look at the Flow Graph of Functions" width="50%" height="auto"></p>
<p>Take a look at the flow graph of functions</p>
</section>
<section class="slide level1">
<h3 id="strings">Strings</h3>
<p><img src="./images/defined-strings-menu.png" alt="Open the Defined Strings Menu" width="50%" height="auto"></p>
<p>Strings can not only be located in data but also in other code
segments, sometimes obfuscated</p>
</section>
<section class="slide level1">
<h3 id="strings-1">Strings</h3>
<figure>
<img data-src="./images/defined-strings.png" alt="An old friend" />
<figcaption aria-hidden="true">An old friend</figcaption>
</figure>
</section>
<section class="slide level1">
<h3 id="binary-patching">Binary Patching</h3>
<p>Bypass any undesireable condition via a <code>NOP</code>
instruction.</p>
<p><img src="./images/nop.jpg" alt="NOP, export your patched binary" width="30%" height="auto"></p>
<p>NOP, export your patched binary</p>
</section>
<section class="slide level1">
<h3 id="do-it-yourselves">Do It Yourselves!</h3>
<ul>
<li class="fragment"><a href="https://ghidra-sre.org/">Download
Ghidra</a></li>
<li class="fragment"><a href="https://crackmes.one">Download binaries at
crackmes.one</a></li>
<li class="fragment"><a href="https://hackthebox.eu">Find more binaries
on hackthebox</a></li>
<li class="fragment"><a href="https://tryhackme.com">Or Find even more
on tryhackme</a></li>
<li class="fragment">Download firmware of your favorite IoT
appliances</li>
</ul>
</section>
<section class="slide level1">
<h2 id="a-word-on-binary-obfuscation">A Word On Binary Obfuscation</h2>
<p>Software Obfuscation was born in 1984 at the <a
href="https://ioccc.org/">International Obfuscated C Code
Contest</a></p>
<p><img src="./images/donut.gif" alt="A donut as code compiles to a spinning donut by Jim Hague" width="50%" height="auto"></p>
</section>
<section class="slide level1">
<h3 id="what-exactly-might-be-obfuscated-in-your-code">What Exactly
might be Obfuscated in Your Code?</h3>
<section>
<a
href="https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-020-00049-3.pdf">Layered
obfuscation: a taxonomy of software obfuscation techniques for layered
security by Hui Xu et. al</a>
</section>
<section>
<ul>
<li class="fragment">Code Element Layers
<ul>
<li class="fragment">Layout</li>
<li class="fragment">Controls</li>
<li class="fragment">Data</li>
<li class="fragment">Methods</li>
<li class="fragment">Classes</li>
</ul></li>
</ul>
</section>
<section>
<ul>
<li class="fragment">Component
<ul>
<li class="fragment">Library Calls</li>
<li class="fragment">Used Resources</li>
</ul></li>
<li class="fragment">Application Layer
<ul>
<li class="fragment">DRM System</li>
<li class="fragment">Neural Networks</li>
</ul></li>
</ul>
</section>
</section>
<section class="slide level1">
<h2 id="techniques-of-obfuscation">Techniques of Obfuscation</h2>
</section>
<section class="slide level1">
<h3 id="splitting-merging-of-strings">Splitting &amp; Merging of
Strings</h3>
<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="ex">a</span> = <span class="st">&quot;BABE&quot;</span></span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="ex">b</span> = <span class="st">&quot;CAFFEE&quot;</span></span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="ex">f</span><span class="st">&quot;{b}{a}&quot;</span></span></code></pre></div>
<p><a href="https://github.com/mandiant/flare-floss/">String
Deobfuscation with FLOSS</a></p>
</section>
<section class="slide level1">
<h2 id="packing">Packing</h2>
<p>Compress binary data</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a> <span class="ex">ooooo</span> ooo ooooooooo. ooooooo ooooo</span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a> <span class="kw">`</span><span class="ex">888</span><span class="st">&#39; `8&#39;</span> <span class="kw">`</span>888 <span class="kw">`</span><span class="ex">Y88.</span> <span class="kw">`</span>8888 d8<span class="st">&#39;</span></span>
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a><span class="st"> 888 8 888 .d88&#39;</span> Y888..8P</span>
<span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a> <span class="ex">888</span> 8 888ooo88P<span class="st">&#39; `8888&#39;</span></span>
<span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a> <span class="ex">888</span> 8 888 .8PY888.</span>
<span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a> <span class="kw">`</span><span class="ex">88.</span> .8<span class="st">&#39; 888 d8&#39;</span> <span class="kw">`</span>888b</span>
<span id="cb4-7"><a href="#cb4-7" aria-hidden="true" tabindex="-1"></a> <span class="kw">`</span><span class="ex">YbodP</span><span class="st">&#39; o888o o888o o88888o</span></span></code></pre></div>
<p><a href="https://upx.github.io/">UPX Packer/Unpacker</a></p>
</section>
<section class="slide level1">
<h2 id="mangling">Mangling</h2>
Library symbols in compiled code for data that have the same name
<section>
<pre><code data-trim data-noescape>
c++filt
_ZNSt7__cxx1114collate_bynameIcEC2ERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEm
std::__cxx11::collate_byname<char>::collate_byname(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&, unsigned long)
</code></pre>
</section>
<section>
<a href="https://demangler.io/" alt="demangler">Online Demangler</a>
</section>
</section>
<section class="slide level1">
<h2 id="code-elements">Code Elements</h2>
<ul>
<li class="fragment">Adding Unnecessary Instructions</li>
<li class="fragment">Changing Control Flows</li>
<li class="fragment">Protecting Data</li>
</ul>
<p><img src="./images/spaghetti.jpg" alt="Convoluted Code" width="26%" height="auto%"></p>
</section>
<section class="slide level1">
<h3 id="deobfuscation-tools">Deobfuscation Tools</h3>
<ul>
<li class="fragment">DotNet
<ul>
<li class="fragment"><a href="https://github.com/de4dot/de4dot">de4dot
Deobfuscator and Unpacker</a></li>
<li class="fragment"><a href="https://github.com/dnSpy/dnSpy">dnSpy
Debugger and Assembly Editor</a></li>
<li class="fragment"><a
href="https://github.com/icsharpcode/ILSpy">ILSpy Decompiler instead of
Ghidra</a></li>
</ul></li>
<li class="fragment">Close the string through an ending quote</li>
<li class="fragment">Continue the query with your own SQL code</li>
</ul>
</section>
<section id="the-end" class="slide level1">
<h1>The End</h1>
<p><img src="./images/exploits_of_a_mom.png" alt="Convoluted Code" width="50%" height="auto%"></p>
</section>
</div>
</div>
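Review bot: The "Number 2" slide's code has a comma before the `%` — `cursor.execute("SELECT ... password = '%s'", % (username, password))` — which is a SyntaxError in Python, not the vulnerable string formatting the slide means to illustrate, so readers who type it get a parser error rather than an injection. The vulnerable form is `cursor.execute("... = '%s' and password = '%s'" % (username, password))` with no comma, and it is worth placing the safe parameterised form beside it, `cursor.execute("... = ? and password = ?", (username, password))`, since the whole difference is that comma. The "Number 1" slide also uses `s3cur3P4ssw0rd` while the seed script inserts `s3cur3P455w0rd`. This HTML is pandoc-generated reveal.js output, so the fixes belong in the markdown source.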


@ -47,6 +47,11 @@ sql_query =
## How to Exploit an SQL Injection
* Close the string through an ending quote
* Continue the query with your own SQL code
---
# The End
<img src="./images/exploits_of_a_mom.png" alt="Convoluted Code" width="50%" height="auto%">