hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 18:23:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

'Running the program' sequence added to slides

Browse Source
This commit is contained in:
Michael Hohn
2020-07-16 17:43:43 -07:00
committed by =Michael Hohn
parent 90a3bee380
commit b241632815
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.org
View File

@@ -6,26 +6,32 @@
\033[32m---- SQL injection demo ----\[\033[33m\033[0m\] \033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
$?:$ ' $?:$ '
# Build # Build
./build.sh ./build.sh
# Prepare db # Prepare db
./admin rm-db
./admin create-db ./admin create-db
./admin show-db ./admin show-db
# Add regular user interactively # Add regular user interactively
./add-user 2>> users.log ./add-user 2>> users.log
First User
# Check
./admin show-db ./admin show-db
# Regular user via "external" process # Regular user via "external" process
echo "sample user" | ./add-user 2>> users.log echo "User Outside" | ./add-user 2>> users.log
./admin show-db ./admin show-db
# Add Johnny Droptable # Add Johnny Droptable
./add-user 2>> users.log ./add-user 2>> users.log
Johnny'); DROP TABLE users; -- Johnny'); DROP TABLE users; --
# And the problem: # And the problem:
./admin show-db ./admin show-db

4
admin
View File

@@ -1,4 +1,8 @@
#!/bin/bash #!/bin/bash
rm-db () {
rm users.sqlite
}
create-db () { create-db () {
echo ' echo '
CREATE TABLE users ( CREATE TABLE users (

BIN
dataflow.key
View File

Binary file not shown.