hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 02:03:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
13 Commits 2 Branches 2 Tags
d5b28fb6b5ec13a0f8d52313083e7371145702c5
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Hohn d5b28fb6b5 project metadata
2020-07-20 13:53:28 -07:00
.gitignore
project metadata
2020-07-20 13:53:28 -07:00
add-user.c
Add simple logging
2020-06-29 17:25:19 -07:00
add-user.sh
Initial sql injection sample in C using sqlite
2020-06-29 15:29:45 -07:00
admin
'Running the program' sequence added to slides
2020-07-16 17:43:43 -07:00
build.sh
Add simple logging
2020-06-29 17:25:19 -07:00
codeql-dataflow-sql-injection.code-workspace
project metadata
2020-07-20 13:53:28 -07:00
dataflow.key
'Running the program' sequence added to slides
2020-07-16 17:43:43 -07:00
qlpack.yml
project metadata
2020-07-20 13:53:28 -07:00
README.org
'Running the program' sequence added to slides
2020-07-16 17:43:43 -07:00
SqlInjection.ql
sql injection: Flow configuration template
2020-07-20 13:53:10 -07:00

README.org

SQL injection example

Setup and sample run 

  # Use a simple headline prompt 
  PS1='
  \033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
  $?:$ '

  
  # Build
  ./build.sh

  # Prepare db
  ./admin rm-db
  ./admin create-db
  ./admin show-db

  # Add regular user interactively
  ./add-user 2>> users.log
  First User

  
  # Check
  ./admin show-db

  # Regular user via "external" process
  echo "User Outside" | ./add-user 2>> users.log
  ./admin show-db

  # Add Johnny Droptable 
  ./add-user 2>> users.log
  Johnny'); DROP TABLE users; --

  
  # And the problem:
  ./admin show-db
Description
sql injection sample in C using sqlite
Readme 4.2 MiB
Languages
Shell 44.1%
C 30.9%
CodeQL 25%