SQL Injection
One of the major vulnerability classes present in the Juice Shop app is SQL Injection. To test for and catch these SQL Injection vulnerabilities, you can use Metlo's Testing feature.
1. Setup
You can use Metlo's CLI to push predefined templates for Juice Shop SQL Injection, BOLA, and Broken Authentication vulnerabilities.
metlo juice-shop init-templates
Once the templates have been pushed to Metlo, you can view them in the Testing page. There are two types of SQL Injection templates: JUICE_SHOP_SQLI, which checks whether an endpoint returns a non-error status code for requests containing SQL Injection payloads, and JUICE_SHOP_SQLI_TIME_BASED, which sends time-based SQL Injection payloads and checks whether the database is forced to wait for a longer time interval.
2. Create Test
Next, you can create a test from your new JUICE_SHOP_SQLI template. Go to the Endpoints page in the Metlo Web App and search for the endpoint /rest/user/login. Go to the Endpoint Overview page for that endpoint and click on the Tests tab. Now click Generate Test and select JUICE_SHOP_SQLI from the drop-down menu. You should now see the test YAML that was generated from the template you pushed earlier. If you want to read in more depth about how the Testing feature works, check out our docs on writing a test.
3. Run Test
Now, you can hit the Run button to see whether the tests pass. One of the request assertions fails, because the request successfully logged in as an admin user using a SQL injection payload in the email field.
You can also create a test for time-based SQL Injection attacks. Follow the same directions as in Steps 2 and 3, but when clicking Generate Test, select the JUICE_SHOP_SQLI_TIME_BASED option from the drop-down menu instead.
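To see why the assertion in Step 3 fails, here is an added example (not Metlo's or Juice Shop's own code) that rebuilds the login query in Python against an in-memory SQLite database: the concatenated query logs in as the admin user when a tautology is placed in the email field, while the parameterized version of the same query does not. The users, passwords and payload are constructed sample values.

```python
import sqlite3

# Constructed sample users; a real app stores password hashes, not plaintext.
SAMPLE_USERS = [
    ("admin@example.test", "admin-secret", "admin"),
    ("jim@example.test", "jim-secret", "customer"),
]

# Constructed sample payload; the actual Metlo template payloads are not shown
# on this page. It closes the email string and turns the rest into a comment.
SAMPLE_PAYLOAD = "' OR 1=1--"


def make_db():
    """Create an in-memory Users table seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO Users (email, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, email, password):
    """Login built by string concatenation: user input becomes SQL text."""
    sql = (
        "SELECT email, role FROM Users "
        f"WHERE email = '{email}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_hardened(conn, email, password):
    """Same query with bound parameters: input can only ever be a value."""
    sql = "SELECT email, role FROM Users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


def admin_login_via_payload(login):
    """Mirror the failing assertion: does the payload in the email field,
    paired with a wrong password, yield a successful login as the admin?"""
    row = login(make_db(), SAMPLE_PAYLOAD, "not-the-password")
    return row is not None and row[1] == "admin"


if __name__ == "__main__":
    print("vulnerable:", admin_login_via_payload(login_vulnerable))  # True
    print("hardened:  ", admin_login_via_payload(login_hardened))    # False
```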