In this lab you will create a Flask app login that is vulnerable to SQL injection. You learn the basics of SQL injection by writing code that is vulnerable to it, hacking your own Flask login page, and then rewriting the code so it is no longer vulnerable. The impact of SQL injection can be catastrophic, so it is a vulnerability worth understanding properly.
Create SQL injection vulnerable code – flask app vulnerable to SQL injection
The lab instructions can be found over at https://bowtiedguppy.substack.com/p/flask-app-login-vulnerable-to-sql-injection. This lab follows up on the build and hack a simple flask app with OWASP lab by adding login functionality to the web app and deliberately introducing a SQL injection vulnerability into the login function.
Develop and Hack: SQL Injection
This lab will help you think from two angles:
- From the developer perspective
- From the hacker perspective
You will learn how to write SQL-injectable code, how to detect and exploit it, and then how to remediate it.
Why SQL injection?
Introducing SQL injection into the login function of the web app forces you to understand how this vulnerability ends up in code. What kind of code does a developer need to write in order to make it vulnerable, and how can it be fixed?
If you are the one introducing the vulnerability, on purpose, you will know exactly what is going on behind the scenes when you later attempt to exploit it.
SQL injection has been chosen for this lab because it is on the OWASP Top 10 list, more precisely in place three (A03:2021 Injection). So this is a very real vulnerability and a very severe one.
What is SQL?
SQL (Structured Query Language) is the go-to language for storing and querying data in a structured way, hence the name. Before data can be stored and queried, someone needs to design the schema.
Data is stored in tables, so the questions are: what tables are needed, what fields (columns) should each table have and of which type, and how are the tables related to each other? SQL is mostly used with relational databases holding structured data.
What is SQL injection?
The easiest way to explain it is by giving an example. Think of a website which has a login page. To access the contents of the website you need to provide a valid username and password. When you submit your credentials the web server will query the database to see if the credentials match anyone in the database.
SQL injection occurs when text entered in the username field is not treated as just a username when it reaches the database, but is interpreted as SQL code. If that happens you can write SQL in the username field to manipulate the database, for example:
- Getting access even though you do not have an account.
- Add a new account.
- Delete the whole database.
SQL injection occurs when user input is concatenated into a query string and sent to the database to be evaluated as SQL code. An attacker can then inject SQL of their own into the query the application runs. The impact of this can be catastrophic.
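The login check described above, as an added example that is not the lab's own code. It keeps only the query layer that a Flask route would call, so it runs without Flask: an in-memory SQLite table with two constructed user rows, a vulnerable login that splices the submitted username and password into the SQL text, and the fixed version that uses a parameterised query. Passwords are stored in clear text here purely to keep the focus on the query; a real application stores password hashes.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example: two users, clear-text
    # passwords (a real app would store hashes, this is only about the query).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse battery staple"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the submitted values become part of the SQL text.

    A single quote in the input closes the string literal, and whatever
    follows is parsed by the database as SQL, not as data.
    """
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Fixed: parameterised query.

    The statement text is constant; the values travel to the driver
    separately and are never parsed as SQL, whatever characters they hold.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payloads. In the username field, "alice' --" closes the literal and
# comments out the password check. In the password field, "' OR '1'='1" turns
# the WHERE clause into "... AND password = '' OR '1'='1'", which is true for
# every row, so the first user in the table is returned.
USERNAME_PAYLOAD = "alice' --"
PASSWORD_PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "vuln_wrong_pw": login_vulnerable(conn, "alice", "wrong"),
        "vuln_username_payload": login_vulnerable(conn, USERNAME_PAYLOAD, "anything"),
        "vuln_password_payload": login_vulnerable(conn, "alice", PASSWORD_PAYLOAD),
        "safe_valid": login_safe(conn, "alice", "correct horse battery staple"),
        "safe_username_payload": login_safe(conn, USERNAME_PAYLOAD, "anything"),
        "safe_password_payload": login_safe(conn, "alice", PASSWORD_PAYLOAD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Both payloads log in as alice through `login_vulnerable` and fail through `login_safe`, with no change to the SQL other than moving the values out of the statement text. Note that the stacked-query form of the attack (a payload ending in `; DROP TABLE users; --`) does not work against this particular example because Python's `sqlite3` module refuses to run more than one statement per `execute` call; that is a property of this driver, not a defence, and other database drivers will happily run the second statement.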
If you enjoyed this lab you will also probably like the create a XSS vulnerable website lab to learn about XSS and improve your skill even further!