## https://sploitus.com/exploit?id=0DB783C9-31BD-51A4-85E9-F33850C3FBE5
# SQL Injection (SQLi) - Database Exfiltration Lab
## Overview
A localized security lab demonstrating Union-Based SQL Injection (SQLi) on a Flask-based search portal. This project illustrates how improper input sanitization in SQL queries can lead to full database exposure and sensitive data exfiltration (CWE-89).
## The Vulnerability (Insecure Direct Object Reference / SQLi)
The application constructs SQL queries using raw string formatting rather than parameterized queries. This allow an attacker to "break out" of the intended query logic and append a `UNION SELECT` statement, effectively merging the results of a hidden table (passwords, SSNs) into the public-facing UI.
## Lab Components
* **Target (`vulnerable_app.py`):** A Python application using an in-memory SQLite database with a vulnerable search endpoint.
* **Exploit (`sqli_exploit.py`):** An automated exfiltration engine that crafts the SQL payload to extract unauthorized records.
## Execution
1. **Setup:**
```bash
git clone [https://github.com/this-is-the-invincible-meghnad/SQLi-Exfiltration-Lab.git](https://github.com/this-is-the-invincible-meghnad/SQLi-Exfiltration-Lab.git)
cd SQLi-Exfiltration-Lab
python -m venv venv
.\venv\Scripts\activate
pip install flask requests
```