hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 18:23:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the sample run for slide creation

Browse Source
This commit is contained in:
Michael Hohn
2020-07-16 17:03:46 -07:00
committed by =Michael Hohn
parent 4c5174bdf5
commit 90a3bee380
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.org
View File

@@ -1,8 +1,16 @@
* SQL injection example * SQL injection example
** Setup and sample run ** Setup and sample run
#+BEGIN_SRC sh #+BEGIN_SRC sh
# Use a simple headline prompt
PS1='
\033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
$?:$ '
# Build
./build.sh ./build.sh
# Prepare db
./admin create-db ./admin create-db
./admin show-db ./admin show-db
@@ -10,13 +18,15 @@
./add-user 2>> users.log ./add-user 2>> users.log
./admin show-db ./admin show-db
# Regular user # Regular user via "external" process
echo "sample user" | ./add-user 2>> users.log echo "sample user" | ./add-user 2>> users.log
./admin show-db ./admin show-db
# Johnny Droptable # Add Johnny Droptable
echo "Johnny'); DROP TABLE users; -- " | ./add-user 2>> users.log ./add-user 2>> users.log
Johnny'); DROP TABLE users; --
# And the problem:
./admin show-db ./admin show-db
#+END_SRC #+END_SRC