mirror of
https://github.com/hohn/codeql-dataflow-sql-injection.git
SQL injection example
Setup and sample run
# Walkthrough of the demo: build the tools, create the database, add users
# three different ways, then display the table after a crafted user name
# has been entered.

# Use a simple headline prompt
# (the prompt also prints the exit status of the previous command via $?)
PS1='
\033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
$?:$ '
# Build
./build.sh
# Prepare db
./admin create-db
./admin show-db
# Add regular user interactively
# (the name is typed at the terminal; add-user's stderr is appended to users.log)
./add-user 2>> users.log
./admin show-db
# Regular user via "external" process
# (same program, but the name arrives on stdin through a pipe)
echo "sample user" | ./add-user 2>> users.log
./admin show-db
# Add Johnny Droptable
# The line after the command is NOT a shell command: it is the text entered
# as the user name on add-user's stdin. It contains a closing quote and
# parenthesis, a second SQL statement, and a trailing SQL comment marker.
# NOTE(review): add-user's source is not shown here; presumably it pastes the
# name into an INSERT statement as text, so this input ends the intended
# statement and appends its own — confirm against the source.
# The remedy on the add-user side is to pass the name as a bound parameter of
# a prepared statement instead of concatenating it into the query string.
./add-user 2>> users.log
Johnny'); DROP TABLE users; --
# And the problem:
# (compare this output with the earlier show-db runs; if the injected
# statement ran, the users table is expected to be missing. users.log holds
# whatever add-user wrote to stderr for each run and is worth checking too.)
./admin show-db