Last active
January 13, 2017 10:28
SQLite3 injection demonstration: the same attacker-controlled string is harmless when bound as a query parameter, but when spliced into the SQL text it turns `DELETE FROM user WHERE name = '...'` into a predicate that matches every row and wipes the table.
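import sqlite3

# Throwaway in-memory database so the demo leaves nothing behind.
conn = sqlite3.connect(':memory:')
conn.execute('CREATE TABLE user (user_id INTEGER PRIMARY KEY, name TEXT)')
conn.commit()
cursor = conn.cursor()

# Seed rows.  The values are bound with `?`, so they travel as data and
# never become part of the SQL text.
cursor.executemany(
    'INSERT INTO user (name) VALUES (?)',
    [(seed_name,) for seed_name in ('alice', 'bob', 'carol', 'david')],
)
conn.commit()

# Attacker-controlled input.  As a bound parameter it is just an odd name
# that matches no row.  Spliced into the SQL text it closes the quoted
# literal, appends `OR name NOTNULL` (SQLite's postfix form of IS NOT NULL,
# true for every seeded row) and comments out the dangling quote with `--`,
# so the WHERE clause matches everything.
name_from_attacker = "alice' OR name NOTNULL--"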
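def print_all_rows(cur=None):
    """Print a header line, then every row of ``user`` as a tuple, one per line.

    Args:
        cur: cursor to query; defaults to the module-level ``cursor`` so
            existing callers (and the demo driver) need no arguments.
    """
    cur = cursor if cur is None else cur
    print('here are the current rows')
    for row in cur.execute('SELECT * FROM user'):
        print(row)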
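def execute_safe_query(cur=None, name=None):
    """Delete rows whose name equals *name*, using a bound parameter (safe).

    The value never touches the SQL text: sqlite3 hands it to the engine as
    data, so an input like ``name_from_attacker`` can only match a row whose
    name is literally that string -- in this demo, none.

    Nothing is committed here; the demo reads the result back through the
    same connection, which sees its own uncommitted changes.

    Args:
        cur: cursor to run on; defaults to the module-level ``cursor``.
        name: value to match; defaults to the module-level
            ``name_from_attacker``.
    """
    cur = cursor if cur is None else cur
    name = name_from_attacker if name is None else name
    print('executing safe query')
    query = "DELETE FROM user WHERE name = ?"
    cur.execute(query, (name,))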
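def execute_injectable_query(cur=None, name=None):
    """Delete rows named *name* by splicing it into the SQL text (INJECTABLE).

    This is the deliberately vulnerable half of the demo: ``name`` is quoted
    by hand and interpolated with ``%``, so any single quote inside it ends
    the string literal and whatever follows is executed as SQL.  With
    ``name_from_attacker`` the statement becomes
    ``DELETE FROM user WHERE name = 'alice' OR name NOTNULL--'`` and every
    row is deleted.  Never build SQL this way from real input; compare
    ``execute_safe_query``.

    Args:
        cur: cursor to run on; defaults to the module-level ``cursor``.
        name: value spliced into the query; defaults to the module-level
            ``name_from_attacker``.
    """
    cur = cursor if cur is None else cur
    name = name_from_attacker if name is None else name
    print('executing injectable query')
    # DO NOT COPY: string-built SQL.  Kept on purpose so the demo can run it.
    query = "DELETE FROM user WHERE name = '%s'" % (name,)
    cur.execute(query)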
# Drive the demo: show the seeded table, then run each DELETE variant against
# the same attacker string and print what survives.  Both variants run on the
# module-level cursor, so the injectable one empties the table for good.
print_all_rows()
for label, run_delete in (('safe', execute_safe_query),
                          ('injectable', execute_injectable_query)):
    run_delete()
    print('after %s query' % label)
    print_all_rows()
here are the current rows
(1, u'alice')
(2, u'bob')
(3, u'carol')
(4, u'david')
executing safe query
after safe query
here are the current rows
(1, u'alice')
(2, u'bob')
(3, u'carol')
(4, u'david')
executing injectable query
here are the current rows