hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 10:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
12 Commits 2 Branches 2 Tags
e31039dd6487be205fcdec511aa85407d026c1e8
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.org

SQL injection example

Setup and sample run 

  # Use a simple headline prompt 
  PS1='
  \033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
  $?:$ '

  
  # Build
  ./build.sh

  # Prepare db
  ./admin rm-db
  ./admin create-db
  ./admin show-db

  # Add regular user interactively
  ./add-user 2>> users.log
  First User

  
  # Check
  ./admin show-db

  # Regular user via "external" process
  echo "User Outside" | ./add-user 2>> users.log
  ./admin show-db

  # Add Johnny Droptable 
  ./add-user 2>> users.log
  Johnny'); DROP TABLE users; --

  
  # And the problem:
  ./admin show-db
Description
sql injection sample in C using sqlite
Readme 4.2 MiB
Languages
Shell 44.1%
C 30.9%
CodeQL 25%