This is an extremely vulnerable application. Please do not deploy in production or host it on the Internet. You are responsible for this application and what you do with it.
This is a simple PHP application with multiple pages to demonstrate and learn SQL Injection.
The PHP code is extremely primitive but clearly demonstrates the vulnerability and can be used to teach the various kinds of SQL injection in a hands-on class.
dockerdocker-compose
- Clone this repository
- Run
docker-compose upin the root of the repo where thedocker-compose.ymlfile is present - Go to
http://127.0.0.1:8000/resetdb.phpto create the database and tables within the application.
If you wish to change the password of the root user when starting the containers, then the following files need to be updated with the new password that you choose
- edit the value of
MYSQL_ROOT_PASSWORDindocker-compose.yml - edit the value of
$DBPASSindb_config.php - edit the value of
$DBPASSinresetdb.php
The different inputs for each of the links can be found in walkthrough.md
To reset the database, navigate to /resetdb.php
The sqlitraining.sql file contains the entire database as an export. This file can be reviewed to see what the DB looks like in terms of the tables and data within.
- Pull requests are welcome
- Send us ideas and suggestions or feedback at contact@appsecco.com