SQLi-pentest is a simple web application that is vulnerable to SQL injection attacks. The goal of this application is to provide a safe environment for security enthusiasts to practice their SQL injection skills.
SQL injection (SQLi) is a type of attack where an attacker can execute malicious SQL statements to manipulate a web application's database. This can lead to unauthorized access to sensitive data, modification of data, or even deletion of the entire database. SQLi attacks are categorized into different types, including in-band (same channel), inferential (blind), and out-of-band.
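The difference between a query built by string concatenation and a parameterized one, as an added example that is not part of the SQLi-pentest code base. It uses Python's sqlite3 in place of the application's PostgreSQL database, and the column names, sample rows and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data: the table name `users` matches the page,
    # the columns and rows are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return db

def lookup_vulnerable(db, username):
    # The input is spliced into the SQL text, so a quote inside `username`
    # closes the string literal and the remainder is parsed as SQL.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_parameterized(db, username):
    # The input is bound as a value; the statement's structure is fixed
    # before the input is seen, so quotes are compared literally.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in db.execute(query, (username,)))

def raises_sql_error(db, username):
    # A database error triggered by an ordinary apostrophe is a review
    # signal that the query is being built by concatenation.
    try:
        lookup_vulnerable(db, username)
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("apostrophe breaks concatenated query:", raises_sql_error(db, "o'brien"))
```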
To start the application, run:
docker compose up -d
This starts all the containers the application needs.
To shut down the application, run:
docker compose down
This stops all containers and removes them.
Once the containers are running, you can visit the page at:
localhost:4000
To inspect the database from a terminal, run:
docker exec -it postgres bash
psql -h postgres -U user -d database
When prompted, enter the password: .UYr930Qr
Then, in the psql interactive shell, run:
select * from users;