GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/testutils/fuzzplayground/sqli_test.go
package fuzzplayground
import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/require"
)
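// TestSQLInjectionBehavior sends a benign user ID and several
// SQL-injection-shaped IDs to the playground's /user/{id}/profile endpoint
// and checks status code and, where expected, that the body mentions
// "admin". The expectations encode the playground's intended behaviour so
// that fuzzing templates run against it produce stable results.
// NOTE(review): that the endpoint is deliberately vulnerable is inferred
// from the package name and the case comments — confirm against
// GetPlaygroundServer.
func TestSQLInjectionBehavior(t *testing.T) {
	server := GetPlaygroundServer()
	ts := httptest.NewServer(server)
	defer ts.Close()

	tests := []struct {
		name               string
		path               string
		expectedStatus     int
		shouldContainAdmin bool // when set, the response body must contain "admin"
	}{
		{
			name:               "Normal request",
			path:               "/user/75/profile", // User 75 exists and has role 'user'
			expectedStatus:     http.StatusOK,
			shouldContainAdmin: false,
		},
		{
			name:               "SQL injection with OR 1=1",
			path:               "/user/75 OR 1=1/profile",
			expectedStatus:     http.StatusOK, // Should work but might return first user (admin)
			shouldContainAdmin: true,          // Should return admin user data
		},
		{
			name:               "SQL injection with UNION",
			path:               "/user/1 UNION SELECT 1,'admin',30,'admin'/profile",
			expectedStatus:     http.StatusOK,
			shouldContainAdmin: true,
		},
		{
			name:               "Template payload test - OR True with 75",
			path:               "/user/75 OR True/profile", // What the template actually sends
			expectedStatus:     http.StatusOK,
			shouldContainAdmin: true, // Expected to return the admin row
		},
		{
			name:               "Template payload test - OR True with 55 (non-existent)",
			path:               "/user/55 OR True/profile", // What the template should actually send
			expectedStatus:     http.StatusOK,              // Should work due to SQL injection
			shouldContainAdmin: true,                       // Should return admin due to OR True
		},
		{
			name:               "Test original user 55 issue",
			path:               "/user/55/profile", // This should fail because user 55 doesn't exist
			expectedStatus:     http.StatusInternalServerError,
			shouldContainAdmin: false,
		},
		{
			name:               "Invalid ID - non-existent",
			path:               "/user/999/profile",
			expectedStatus:     http.StatusInternalServerError, // Should error due to no such user
			shouldContainAdmin: false,
		},
	}

	// ts.Client() is configured for this test server; http.Get would use
	// http.DefaultClient, which has no timeout.
	client := ts.Client()

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			resp, err := client.Get(ts.URL + tt.path)
			require.NoError(t, err)
			defer func() {
				if err := resp.Body.Close(); err != nil {
					t.Logf("Failed to close response body: %v", err)
				}
			}()

			require.Equal(t, tt.expectedStatus, resp.StatusCode)

			// Read the whole body: a single Read into a fixed 1024-byte
			// buffer may return only a prefix of it (and its error was
			// discarded), which can make the "admin" check spuriously fail.
			body, err := io.ReadAll(resp.Body)
			require.NoError(t, err)
			bodyStr := string(body)

			fmt.Printf("Request: %s\n", tt.path)
			fmt.Printf("Status: %d\n", resp.StatusCode)
			fmt.Printf("Response: %s\n\n", bodyStr)

			if tt.shouldContainAdmin {
				require.Contains(t, bodyStr, "admin")
			}
		})
	}
}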