A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection

Last update: Dec 27, 2022

Related tags

Overview

NodeJS WebSocket SQLi vulnerable WebApp

A one-day build of a vulnerable WebSocket app on NodeJS to practice boolean based SQLi over WebSocket.

I made this for others to learn and automate SQLi over WebSocket, additionally an input box is added to the homepage to quickly test out a query. Here are some exercises for practice:

Try dumping some data from the DB through the input box on the homepage.
Build a script to automate dumping data via boolean-based blind SQLi over WebSocket.
Build a script to automate dumping data via Time-based blind SQLi over WebSocket.
Build a middle-ware HTTP Server script to relay SQLMap payloads to WebSocket.

Check my blog post where I have shared the last exercise here: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html

Run

run : docker-compose up
visit : http://localhost:8156/

ScreenShots

TypeScript clients for databases that prevent SQL Injection

Safe From HTML Injection Using tagged template literals for queries, e.g. db.query(sql`SELECT * FROM users WHERE id=${userID}`); makes it virtually im

Dec 21, 2022

A simple UI client for most SQL Engines written in Electron. It is compatible with Windows, Mac, Ubuntu / Debian and Redhat. It supports most dialects of RMBDs like MySQL, Microsoft SQL Server, Postgres, SQLite and has limited supports for Cassandra, MongoDB and Redis.

sqlui-native sqlui-native is a simple UI client for most SQL Engines written in Electron. It is compatible with most desktop OS's and support most dia

Jan 1, 2023

Blog-webapp - A simple webapp prototype that serves tech news, blogs, and anything else a developer might want to learn or get help with

Blog Web app A simple webapp prototype that serves tech news, blogs, and anythin

Nov 3, 2022

it is websocket-store for using easily websocket

Socket-Store It is Websocket Store How to use 1. Install # npm npm install socket-store # yarn yarn add socket-store 2. Create MessageHandler and

Sep 13, 2022

Connect to private Google Cloud SQL instance through Cloud SQL Auth Proxy running in Kubernetes.

⛅ google-cloud-sql A CLI app which establishes a connection to a private Google Cloud SQL instance and port-forwards it to a local machine. Connection

Oct 16, 2022

Intentionally Vulnerable Nodejs Application & APIs

ivna Intentionally Vulnerable Nodejs Application & APIs Vulnerable Task Manager Application & APIs build using Nodejs,mongoose. Background While learn

Nov 12, 2022

A functional, immutable, type safe and simple dependency injection library inspired by angular.

func-di English | 简体中文 A functional, immutable, type safe and simple dependency injection library inspired by Angular. Why func-di Installation Usage

Dec 11, 2022

A simple url shorter API built with nodejs running on Kubernetes in Google Cloud, using PostgreSQL for storage and cloud sql proxy.

Simple URL Shorter - Google Cloud - Kubernetes A simple url shorter API built with nodejs running on Kubernetes in Google Cloud, using PostgreSQL for

Nov 25, 2021

How to build a chat using Lambda + WebSocket + API Gateway? (nodejs)

Description Source code for the lambda function from the screencast How to build a chat using Lambda + WebSocket + API Gateway? (nodejs) The reactjs c

Dec 28, 2022

Test for client-side script injection via NFTs

Rektosaurus A test suite to check for client-side script injection via NFTs. Overview NFTs contain a variety of metadata and content that gets process

Jun 28, 2022

A simpliest DI(Dependency Injection) example

di-example A simpliest DI(Dependency Injection) example showing how dependency injection actually works. How to Run Install dependency with your favor

Dec 6, 2022

GPU Drops' captcha solving extension without affiliate tracking code injection

Noptcha, without affiliate link injection Noptcha is a reCaptcha and hCaptcha solving extension created by GPU Drops. This fork was made because I hat

Dec 26, 2022

TypeScript Transformer for injection-js

TypeScript Transformer for injection-js TypeScript Transformer for injection-js, inspired by angular-cli. Why need this No more emitDecoratorMetadata

Dec 4, 2022

This is another Express + TypeScript + DDD (Domain Driven Design patterns) + IoC/DI (Inversion of control and Dependency injection) + Primsa ORM + API REST boilerplate.

Express-TS-DDD REST API This is another Express + TypeScript + DDD (Domain Driven Design patterns) + IoC/DI (Inversion of control and Dependency injec

Nov 3, 2022

ORM for TypeScript and JavaScript (ES7, ES6, ES5). Supports MySQL, PostgreSQL, MariaDB, SQLite, MS SQL Server, Oracle, SAP Hana, WebSQL databases. Works in NodeJS, Browser, Ionic, Cordova and Electron platforms.

TypeORM is an ORM that can run in NodeJS, Browser, Cordova, PhoneGap, Ionic, React Native, NativeScript, Expo, and Electron platforms and can be used

Jan 3, 2023

Kustomizegoat - Vulnerable Kustomize Kubernetes templates for training and education

KustomizeGoat - Vulnerable by design Kustomize deployment Demonstrating secure a

Nov 1, 2022

Node.js Express + MySQL vulnerable boilerplate project

Sep 16, 2022

Scans your computer for node modules that are potentially vulnerable to supply chain attacks

Scans your computer for node modules that are potentially vulnerable to supply chain attacks. You still need to review the code of modules that are not vulnerable, but this helps.

Apr 11, 2022

AWSGoat : A Damn Vulnerable AWS Infrastructure

AWS GOAT Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or

Dec 28, 2022

Owner

Rayhan Ahmed

GitHub

Azure Data Studio is a data management tool that enables you to work with SQL Server, Azure SQL DB and SQL DW from Windows, macOS and Linux.

Azure Data Studio is a data management tool that enables working with SQL Server, Azure SQL DB and SQL DW from Windows, macOS and Linux.

7k Dec 31, 2022