Sunday, January 2, 2022

sql injection prevention

create database 5 users and passwords

sql injection penetrated unprotected vulnerable database

login bob with pass1, success

log tom with pass2, success

log tom with pass3, failed

protected by server, sql injection failed

reflective xss failed

dom xss failed

//app.js
const express = require('express')
const app = express()
const port = 8080
const path = require('path');

var bodyParser = require('body-parser')
app.use(bodyParser.json());       // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({     // to support URL-encoded bodies
    extended: true
}));

// serve your css as static
app.use(express.static(__dirname + '/public'));

var mysql = require('mysql')
var connection = mysql.createConnection({
    host: '127.0.0.1',
    user: 'dvwa',
    password: 'p@ssw0rd',
    database: 'sqlinjection'
})

connection.connect()

//render html
app.set('view engine', 'ejs');
app.engine('html', require('ejs').renderFile);

app.get('/', function (req, res) {
    res.render('index');
});

app.post('/', function (req, res) {
    var name = req.body.name;
    var password = req.body.password;

    connection.query('SELECT * from login where name = ? and password = ?', [name, password], function (err, rows, fields) {
        if (err) throw err

        res.render('index', { data: rows });
    })

});

app.listen(port, () => {
    console.log(`Example app listening at http://localhost:${port}`)
})

-------------------------
//views/index.ejs
<html>

<head>
  <title>Express HTML</title>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap-theme.min.css">
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js"></script>
</head>

<body>
  <div style="margin:100px;">

    <class="navbar navbar-inverse navbar-static-top">
      <div class="container">
        <a class="navbar-brand" href="/">Express HTML</a>
        <ul class="nav navbar-nav">
          <li class="active">
            <a href="/">Home</a>
          </li>
          <li>
            <a href="/about">About</a>
          </li>
          <li>
            <a href="/sitemap">Sitemap</a>
          </li>
        </ul>
      </div>
      </nav>
      <div class="jumbotron" style="padding:40px;">
        <form action="" method="post">
          <table>
            <tr>
              <td><label>Name</label></td>
              <td><input type="text" name="name" /></td>
            </tr>
            <tr>
              <td><label>Password</label></td>
              <td><input type="password" name="password" /></td>
            </tr>
          </table><br />
          <input type="submit" />
        </form>
        <% if (locals.data) { %>
          <% if (data.length==0) {%>
            <div>login failed</div>
            <% }else{ %>
              <ul>
                <% data.forEach(function(person) { %>
                  <li> Name:<%= person.name %> Password:<%= person.password %>
                  </li>
                  <% }); %>
              </ul>
              <% } %>
                <% } %>
      </div>
  </div>
</body>

</html>

reference:
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)