Share
## https://sploitus.com/exploit?id=0DB783C9-31BD-51A4-85E9-F33850C3FBE5
# SQL Injection (SQLi) - Database Exfiltration Lab

## Overview
A localized security lab demonstrating Union-Based SQL Injection (SQLi) on a Flask-based search portal. This project illustrates how improper input sanitization in SQL queries can lead to full database exposure and sensitive data exfiltration (CWE-89).

## The Vulnerability (Insecure Direct Object Reference / SQLi)
The application constructs SQL queries using raw string formatting rather than parameterized queries. This allow an attacker to "break out" of the intended query logic and append a `UNION SELECT` statement, effectively merging the results of a hidden table (passwords, SSNs) into the public-facing UI.

## Lab Components
* **Target (`vulnerable_app.py`):** A Python application using an in-memory SQLite database with a vulnerable search endpoint.
* **Exploit (`sqli_exploit.py`):** An automated exfiltration engine that crafts the SQL payload to extract unauthorized records.

## Execution
1. **Setup:**
   ```bash
   git clone [https://github.com/this-is-the-invincible-meghnad/SQLi-Exfiltration-Lab.git](https://github.com/this-is-the-invincible-meghnad/SQLi-Exfiltration-Lab.git)
   cd SQLi-Exfiltration-Lab
   python -m venv venv
   .\venv\Scripts\activate
   pip install flask requests
   ```