Skip to content

Instantly share code, notes, and snippets.

@jearl4
Last active May 25, 2019 03:26
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save jearl4/2a40af0c2737bb6795f8791b9954bae5 to your computer and use it in GitHub Desktop.
SQLI vulnerable code
function authenticate(req, res, next){
const username = req.query.username,
password = req.query.password
let sqlRequest = new sql.Request(),
sqlQuery = "select * from users where (username= '" + username + "' and password ='" + password + "')"
sqlRequest.query(sqlQuery).then(function(recordset){
if(recordset.length == 1){
loggedIn = true
//successful log in
} else {
authentication failed
}
})
.catch(next)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment