hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 18:23:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e31039dd6487be205fcdec511aa85407d026c1e8
codeql-dataflow-sql-injection/README.org
Michael Hohn b241632815 'Running the program' sequence added to slides
2020-07-16 17:43:43 -07:00

688 B
Raw Blame History

SQL injection example

Setup and sample run 

  # Use a simple headline prompt 
  PS1='
  \033[32m---- SQL injection demo ----\[\033[33m\033[0m\]
  $?:$ '

  
  # Build
  ./build.sh

  # Prepare db
  ./admin rm-db
  ./admin create-db
  ./admin show-db

  # Add regular user interactively
  ./add-user 2>> users.log
  First User

  
  # Check
  ./admin show-db

  # Regular user via "external" process
  echo "User Outside" | ./add-user 2>> users.log
  ./admin show-db

  # Add Johnny Droptable 
  ./add-user 2>> users.log
  Johnny'); DROP TABLE users; --

  
  # And the problem:
  ./admin show-db