-
# SQL Injection
## SQL 인젝션이란?
SQL 인젝션은 웹 사이트의 보안상 허점을 이용해 특정 SQL 쿼리문을 전송해 공격자가 원하는 데이터베이스의 중요한 정보를 가져오는 해킹 기법이다.
대부분 클라이언트가 입력한 데이터를 제대로 필터링하지 못하는 경우에 발생한다.
공격의 쉬운 난이도에 비해 피해가 상당하기 때문에 보안 …
-
Neviem ci sa jedna o dolezity projekt ale mnoho SQL prikazov v routes zlozke dovoluje vykonat SQL Injection. Tu je jeden z nich. Ak to nie je dolezity projekt, issue mozes closnut.
https://github.c…
Ed-zo updated
3 years ago
-
Are the filters configured to detect a SQL injection attempt?
I passed
anything' OR '1'='1
to one form and it didn't detect it.
-
Here's the URL the ZAP is testing for SQLi
```
https://website.com/Search?serviceInstance=+AND+1%3D1+--+&ID=1&serviceInstanceParameter=&WorklistRequest=true
```
and the response contains 302 to lo…
-
Bom dia,
Foi encontrado algumas vulnerabilidades, eu sou um pesquisador da área de segurança de aplicações vou mostrar um trecho aonde esta vulnerável e gostaria de apontar isso.
…
-
Here: https://github.com/narenaryan/Salary-API/blob/master/app.py#L25
Since there's no input validation and no use of ORM, if the department name contains SQL code, your database is compromised.
-
https://github.com/teddybee-r/GwentOneDeckbuilder/blob/af36d6f5ebdf5b19d71bae58ad09e8667de70a6e/api.php#L15-L26
Here should be some sort of check if $lang is one expected languages. Passing unsanit…
-
This example app is vulnerable to SQL injection. It is possible to inject arbitrary SQL via the message parameter of the `/v1/messages` POST endpoint. I have used this to delete the production message…
-
Take care of vulnerabilities for sql injections.
-
Function map in views.py has a get args "tablename" which is not sanitised before being used in the Table object.
The Table object executes the sql directly also without any sanitising.
I Suggest san…