hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 10:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
10 Commits 2 Branches 2 Tags
90a3bee3809d5b2d159fcc6a47a981c98b772600
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Hohn 90a3bee380 Update the sample run for slide creation
2020-07-16 17:03:46 -07:00
add-user.c
Add simple logging
2020-06-29 17:25:19 -07:00
add-user.sh
Initial sql injection sample in C using sqlite
2020-06-29 15:29:45 -07:00
admin
Initial sql injection sample in C using sqlite
2020-06-29 15:29:45 -07:00
build.sh
Add simple logging
2020-06-29 17:25:19 -07:00
dataflow.key
combined flow: animate global data flow and source
2020-06-30 17:25:20 -07:00
README.org
Update the sample run for slide creation
2020-07-16 17:03:46 -07:00

README.org

SQL injection example

Setup and sample run 

  # Use a simple headline prompt 
  PS1='
  \033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
  $?:$ '


  # Build
  ./build.sh

  # Prepare db
  ./admin create-db
  ./admin show-db

  # Add regular user interactively
  ./add-user 2>> users.log
  ./admin show-db

  # Regular user via "external" process
  echo "sample user" | ./add-user 2>> users.log
  ./admin show-db

  # Add Johnny Droptable 
  ./add-user 2>> users.log
  Johnny'); DROP TABLE users; --

  # And the problem:
  ./admin show-db
Description
sql injection sample in C using sqlite
Readme 4.2 MiB
Languages
Shell 44.1%
C 30.9%
CodeQL 25%