@jearl4
Last active May 25, 2019 03:26
SQLI vulnerable code
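const sql = require('mssql') // assumed driver: the Request API used below matches the mssql package

function authenticate(req, res, next) {
  // Credentials are read straight from the URL query string.
  const username = req.query.username,
    password = req.query.password
  let sqlRequest = new sql.Request(),
    // Vulnerable: request values are concatenated into the SQL text.
    sqlQuery = "select * from users where (username= '" + username + "' and password ='" + password + "')"
  sqlRequest.query(sqlQuery).then(function (recordset) {
    if (recordset.length == 1) {
      loggedIn = true
      // successful log in
    } else {
      // authentication failed
    }
  })
    .catch(next)
}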
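
A parameterized form of the handler above, as an added example that is not part of the original gist. It assumes `sql` is the mssql package (`sql.Request`, `request.input`, `@name` placeholders, `sql.NVarChar`); `makeAuthenticate`, `makeRecordingSql` and `demo` are hypothetical names, and the stub and request values are constructed so the block runs without a database.

```javascript
// Added example, not the gist author's code. Assumes `sql` is the mssql package;
// it is injected so the handler can also run against a recording stub.
// Constant statement text: request values travel only as bound parameters.
const AUTH_QUERY =
  'select * from users where (username = @username and password = @password)'

function makeAuthenticate(sql) {
  return function authenticate(req, res, next) {
    const { username, password } = req.query
    // ?username[]=a parses to an array; accept plain strings only.
    if (typeof username !== 'string' || typeof password !== 'string') {
      res.statusCode = 400
      return res.end()
    }
    const request = new sql.Request()
    request.input('username', sql.NVarChar, username)
    request.input('password', sql.NVarChar, password)
    return request.query(AUTH_QUERY).then(function (result) {
      // mssql v3 resolves to the row array, v4+ to { recordset: [...] }.
      const rows = Array.isArray(result) ? result : result.recordset
      if (rows.length !== 1) {
        res.statusCode = 401
        return res.end()
      }
      req.loggedIn = true // per-request state instead of a shared global
      next()
    }).catch(next)
  }
}

// Constructed stub standing in for mssql: records what reaches the driver.
function makeRecordingSql(rows) {
  const calls = []
  function Request() { this.params = {} }
  Request.prototype.input = function (name, type, value) { this.params[name] = value }
  Request.prototype.query = function (text) {
    calls.push({ text: text, params: this.params })
    return Promise.resolve({ recordset: rows })
  }
  return { Request: Request, NVarChar: 'NVarChar', calls: calls }
}

// Constructed input: apostrophes that would unbalance the concatenated string.
function demo() {
  const sql = makeRecordingSql([])
  const req = { query: { username: "O'Brien", password: "it's-a-secret" } }
  makeAuthenticate(sql)(req, { end() {} }, function () {})
  return sql.calls[0]
}
```

`demo()` returns the statement text and parameters the driver received: the text is always `AUTH_QUERY`, whatever characters the request contains.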