Overview

I wrote a standalone teaching aid for visualizing how MySQL injection attacks function using HTML and JavaScript/jQuery.

Aid is available at: https://projects.jason-rush.com/academy/mysql-injection/

Context

I have always had an attraction to helping teach others what I know, to pass on anything I can to help others improve themselves. While I don’t get to spend as much time playing with security and hacking these days, I once decided I’d like to convert a decent MySQL injection tutorial I’d found into something more interactive so those learning for the first time could actually see exactly what happens to the text you inject into an SQL query.

Project Overview

I decided to write the entire project in HTML and JavaScript/jQuery (no server-side processing required) so the page can be saved and viewed in a fully functional state any time in the future. The lack of server-side processing also means the teaching aid is completely secure with no way to be maliciously exploited.

I started by creating a proof-of-concept that dynamically inserted the contents of an input element into an HTML string. In order to create a more modular way to display, update, and add more steps to the guide later on, I inserted the various tutorial steps into an object (nested associative arrays). Finally, I paginated the list of tutorial steps in order to improve visual appeal of the page.