A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection

rayhan0x01/nodejs-websocket-sqli

NodeJS WebSocket SQLi vulnerable WebApp

A one-day build of a vulnerable WebSocket app on NodeJS for practicing boolean-based SQLi over WebSocket.

I made this for others to learn and automate SQLi over WebSocket. An input box is also included on the homepage to quickly test out a query. Here are some exercises for practice:

  • Try dumping some data from the DB through the input box on the homepage.
  • Build a script to automate dumping data via boolean-based blind SQLi over WebSocket.
  • Build a script to automate dumping data via time-based blind SQLi over WebSocket.
  • Build a middleware HTTP server script to relay SQLMap payloads to WebSocket.

See my blog post, where I have shared the last exercise: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html

Run

  1. Run: docker-compose up
  2. Visit: http://localhost:8156/
