The exploit given in the README was not effective because there

seems to be a limitation on executing `INSERT` statements in
line with the arbitrary sqlite string.

Instead let's provide a table of users to dump from the search box.

Author: Adam Baldwin

README.md

@@ -37,5 +37,5 @@ docker-compose up --build --detach
 ```
 
 ## Known Vulnerabilities
-* SQL Injection via search box. - `a%'; insert into items values (default, 'hacker item name','bad bad description'); select * from ITEMS where name like  '%banan`
+* SQL Injection via search box. - `item%' union all select * from user; -- `
 * Cross Site Scripting via search box. - `<script>alert("hey guy");</script>`

bootstrapdb.js

@@ -6,17 +6,45 @@ db.serialize(function () {
     if (err) {
       console.error(err);
     } else {
-      const stmt = db.prepare('INSERT INTO item VALUES (null, ?, ?)', function (err) {
+      const itemTbl = db.prepare('INSERT INTO item VALUES (null, ?, ?)', function (err) {
         if (err) {
           console.error(err)
         }
       });
 
       for (var i = 0; i < 3; i++) {
-        stmt.run('item-' + i, 'item-' + i + ' is the great item evar');
+        itemTbl.run('item-' + i, 'item-' + i + ' is the great item evar');
       }
 
-      stmt.finalize(function (err) {
+      itemTbl.finalize(function (err) {
+        if (err) {
+          console.error(err)
+        } else {
+          db.close(function (err) {
+            if (err) {
+              console.error(err)
+            }
+          });
+        }
+      });
+    }
+  });
+
+
+  db.run('CREATE TABLE user (id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, username NVARCHAR(1024) NOT NULL, password TEXT NOT NULL)', function (err) {
+    if (err) {
+      console.error(err);
+    } else {
+      const userTbl = db.prepare('INSERT INTO user VALUES (null, ?, ?)', function (err) {
+        if (err) {
+          console.error(err)
+        }
+      });
+      userTbl.run('admin', 'S3cr37P@$$w0rD!');
+      userTbl.run('user1', 'bad_password');
+      userTbl.run('user2', 'worse');
+      userTbl.run('user3', 'fail');
+      userTbl.finalize(function (err) {
         if (err) {
           console.error(err)
         } else {