This project is a Flask web application that demonstrates a SQL injection vulnerability.
This page allows users to register by providing a username, email, and password.
This view shows the database content, which can be manipulated through SQL injection.
Users can log in using their credentials. This page is vulnerable to SQL injection attacks.
The server logs show the running SQL script that gets injected by the attacker.
The hacker gains access to the admin dashboard through SQL injection.
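The login flaw described above, shown beside its fix. This is an added example, not code from this project: the `users` table, its columns, the function names and the use of `sqlite3` are assumptions, and the account and inputs are constructed.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("admin", "admin@example.test", "stored-hash"),
    )
    return db


def build_login_sql(username, password):
    """Vulnerable pattern: user input is concatenated into the SQL text."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(db, username, password):
    sql = build_login_sql(username, password)
    print("executing:", sql)  # the statement a server-side query log would show
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Hardened pattern: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Constructed input: the quote closes the string literal and the
    # comment marker discards the password check that follows it.
    crafted = "admin' --"
    print("vulnerable:", login_vulnerable(db, crafted, "wrong"))
    print("safe:      ", login_safe(db, crafted, "wrong"))
    print("safe, valid credentials:", login_safe(db, "admin", "stored-hash"))
```

In the logged statement the password condition appears after the comment marker, which is the sign to look for when reviewing query logs from the vulnerable form.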
To set up a virtual environment and install the required packages, follow these steps:
- Create a virtual environment:
  python -m venv venv
- Activate the virtual environment:
  - On Windows:
    venv\Scripts\activate
  - On macOS and Linux:
    source venv/bin/activate
- Install the required packages:
  pip install -r requirements.txt
To run the application, use the following command:
flask run
- app.py: Main application file containing the Flask app and database functions.
- utils.py: Utility functions such as password hashing and key generation.
- templates/: HTML templates for rendering web pages.
- static/: Static files such as CSS and images.
- requirements.txt: Project dependencies.
- README.md: Project documentation.
- DEMO/: Folder containing screenshots used in the README.