North-Seattle-College/ad440-winter2021-thursday-repo
NSC AD 440 Winter 2021 Thursday cohort practicum repo
Apache License 2.0
SQL injection test for POST /users/{user_id}/tasks #189
Closed
farhadbahrehmandhenry closed 3 years ago
farhadbahrehmandhenry commented 3 years ago
issue #215

You can see a sample run here.

steps =>

1. Create a test user to run the POST request on it - we want to make sure that we are creating a task for a user that actually exists.
2. Reading the created userId.
3. Create a task for the above userId with this SQL injection input: `'oops'); DELETE FROM users WHERE userId = ${{steps.userId.outputs.prop}}; --`
4. Reading the output of the POST request.
5. Show the id of the created task.
6. Making sure that the SQL injection statement wasn't successfully injected. Get the user with the above userId.
7. Read the output of the GET request.
8. Show the retrieved userId.
spent time =>

| DATE | ACTIVITY | TIME |
|---|---|---|
| 03/01 | Investigation of GitHub Action/SQL injection | 4 hr |
| 03/01 | Implement GitHub Action for SQL injection | 2 hr |
| 03/01 | Testing GitHub Action | 1 hr |
| total | | 7 hr |
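
The check these steps perform, reproduced offline as an added example (not code from this repository): an in-memory SQLite database stands in for the API's database, and the table layout, function names, and the unquoted interpolation in the unsafe variant are assumptions. It runs the payload from the steps against a string-built insert and a parameterized one, then reports whether the test user still exists.

```python
import sqlite3

# Payload from the issue; the workflow expression is replaced by the test user's id.
PAYLOAD = "'oops'); DELETE FROM users WHERE userId = {uid}; --"

def make_db():
    """In-memory stand-in for the API's database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (userId INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE tasks (taskId INTEGER PRIMARY KEY, userId INTEGER, title TEXT);"
    )
    return db

def create_user(db, name):
    return db.execute("INSERT INTO users (name) VALUES (?)", (name,)).lastrowid

def create_task_unsafe(db, user_id, title):
    # Deliberately vulnerable: the input becomes part of the SQL text.
    # executescript stands in for a driver that accepts stacked statements.
    db.executescript(f"INSERT INTO tasks (userId, title) VALUES ({user_id}, {title});")

def create_task_safe(db, user_id, title):
    # Bound parameters: the title is stored as data and never parsed as SQL.
    return db.execute(
        "INSERT INTO tasks (userId, title) VALUES (?, ?)", (user_id, title)
    ).lastrowid

def user_exists(db, user_id):
    row = db.execute("SELECT 1 FROM users WHERE userId = ?", (user_id,)).fetchone()
    return row is not None

def run_injection_test(create_task):
    """Mirror the workflow: create user, POST the payload, GET the user."""
    db = make_db()
    uid = create_user(db, "test-user")
    try:
        create_task(db, uid, PAYLOAD.format(uid=uid))
    except sqlite3.Error:
        pass  # a rejected request is acceptable; the follow-up GET decides
    return user_exists(db, uid)

if __name__ == "__main__":
    print("safe handler, user survives:  ", run_injection_test(create_task_safe))
    print("unsafe handler, user survives:", run_injection_test(create_task_unsafe))
```
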