When user input is concatenated into a query instead of being passed as a bound parameter, SQL injection lets an attacker change the statement the database actually runs — reading, modifying, or deleting data the application never meant to expose. Let’s inject some SQL code. Hitting the RUN button will open a web application; its edit function is vulnerable. Try to exploit it!
Your app can be found at:
{
"name": "psql-demo",
"version": "0.1.0",
"description": "PSQL demo for Securing Node JS Apps",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "nodemon index.js",
"start:prod": "node index.js",
"build": "cd client && npm install && npm run build",
"client": "npm start --prefix client",
"dev": "concurrently \"npm run start\" \"npm run client\""
},
"author": "Educative",
"license": "MIT",
"dependencies": {
"body-parser": "^1.18.3",
"cors": "^2.8.5",
"express": "^4.16.4",
"concurrently": "^5.3.0",
"nodemon": "^2.0.4",
"password-generator": "^2.2.0",
"pg": "^8.3.3",
"pg-hstore": "^2.3.3",
"sequelize": "^6.3.5",
"http-proxy-middleware": "^1.0.5"
},
"devDependencies": {
"prettier": "^1.18.2"
}
}
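const express = require("express");
const bodyParser = require("body-parser");
const cors = require("cors");
const app = express();
const routeStudents = require("./src/routes/students");

// Parse form-encoded and JSON bodies before any route runs. body-parser's
// default request-size limit is left in place; nothing here changes it.
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

// NOTE(review): cors() with no options answers every origin with
// `Access-Control-Allow-Origin: *`. Acceptable for this local lab; a deployed
// build should restrict `origin` to the client's URL.
app.use(cors());

// Liveness check so the client can tell the backend is up.
app.get("/", (req, res) => {
  res.send("Backend for queries app is working!");
});

// All student handling (including the intentionally vulnerable edit route this
// lab is about) lives in ./src/routes/students. The trailing handler only runs
// for requests under /api/students that no route matched; it keeps the
// original 401 response (404 would be the conventional code for an unknown
// route — keep that in mind when reading client-side errors).
app.use("/api/students", routeStudents, (req, res) => res.sendStatus(401));

// PORT may be overridden from the environment; unset or empty keeps 3000.
const port = Number(process.env.PORT || 3000);

// Log from the listen callback so the message appears only once the port is
// actually bound (the original logged synchronously, before bind completed).
app.listen(port, () => {
  console.log(`listening on ${port}`);
});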