Initial sql injection sample in C using sqlite

2025-12-16 18:23:05 +01:00 · 2020-06-29 15:29:45 -07:00
commit 5210f57197
5 changed files with 148 additions and 0 deletions
--- a/add-user.sh
+++ b/add-user.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+get-user-info () {
+    echo "*** Welcome to sql injection ***"
+    read -r -p "Please enter name: " NAME
+}
+
+get-new-id () {
+    ID=$(/bin/bash -c 'echo $$')
+}
+
+add-user-info () {
+    echo "
+    INSERT INTO users VALUES ($ID, '$NAME')
+    " | sqlite3 users.sqlite 
+}
+
+show-user-info () {
+    echo "We have the following information for you:"
+    echo "
+    select * FROM users where user_id=$ID
+    " | sqlite3 users.sqlite 
+}
+
+get-user-info
+get-new-id
+add-user-info
+show-user-info