Things&Things is a SQL Injection vulnerable web server designed to demonstrate and educate about the classic SQL Injection vulnerability.
To install and run Things&Things, follow these steps:
- Clone the repository: https://github.com/entr0pie/Things-Things/
- Navigate to the project directory: cd Things-Things
- Install the dependencies: npm install
- Start the web server: node index.js
- Access http://localhost:5000.
First, try doing some manual exploration (without sqlmap). This will help you to understand the basics of how SQL Injection works.
How to get started:
- Make sure you have followed the installation instructions mentioned in the README file.
- Once the app is running, you can start exploring the different functionalities and input fields.
- Experiment with various SQL injection techniques to manipulate the application's behavior and access unintended data.
- If you're looking for hints or guidance, check this paper. If you want to see how to exploit this app step by step, see the secret/README.md file.
Remember, the purpose of this app is to understand the risks associated with SQL Injection and how to prevent it. Always use this knowledge responsibly and respect the security of others' systems.
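To make the "how to prevent it" part concrete, here is an added example (not code from the Things&Things repository) contrasting the injectable string-built query with the parameterised form, plus a small check that shows why concatenation is the problem: once a value containing a quote is spliced into the SQL text, it is no longer confined to the data position. The table name `things`, the `?` placeholder style and the query shape are assumptions; no database driver is used, the statement is only built and inspected.

```javascript
// Added example, not part of the Things&Things project. Table name, columns
// and the "?" placeholder style are assumptions (drivers differ, e.g. $1 in node-postgres).

// Vulnerable pattern: user input spliced straight into the SQL text.
function buildQueryUnsafe(name) {
  return `SELECT id, name FROM things WHERE name = '${name}'`;
}

// Hardened pattern: the SQL text is fixed and the value travels separately as a
// parameter, so the database never parses the user's value as SQL syntax.
function buildQuerySafe(name) {
  return { text: "SELECT id, name FROM things WHERE name = ?", params: [name] };
}

// Counts single-quoted string literals in a statement, honouring the '' escape.
// Returns -1 when a literal is left unterminated (malformed SQL).
function countStringLiterals(sql) {
  let count = 0;
  let inLiteral = false;
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] !== "'") continue;
    if (inLiteral && sql[i + 1] === "'") { i++; continue; } // escaped quote ''
    if (!inLiteral) count++;
    inLiteral = !inLiteral;
  }
  return inLiteral ? -1 : count;
}

// The concatenated statement keeps its intended shape (exactly one string
// literal holding the user value) only while the input contains no quote.
function inputStaysInDataPosition(name) {
  return countStringLiterals(buildQueryUnsafe(name)) === 1;
}

// The parameterised form is shape-stable regardless of the input.
function parameterisedShapeIsStable(name) {
  const q = buildQuerySafe(name);
  return countStringLiterals(q.text) === 0 && q.params[0] === name;
}
```

A value as ordinary as O'Brien already breaks the concatenated statement, which is the same mechanism an attacker relies on; the parameterised version carries it unchanged.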
Happy Hacking!
The Things&Things project is licensed under the MIT License.