search

gcivil-nyu-org / fall24-monday-team1

0 stars 1 forks source link

500 Error when trying to do SQL injection #183

Open SamuelVRPO opened 3 days ago

SamuelVRPO commented 3 days ago
  1. Account used: team3
  2. Error encountered: 500 server error
  3. Steps to reproduce:
    • Click on 'Search for Game'
    • Enter '' OR 1 = 1; DROP TABLE Games; into the search bar
    • Click Search The table is not actually dropped but I get an 500 error.
  4. Instead of an error, I should get the regular 'No games found' screen. Screenshot 2024-11-21 at 12 35 47 PM

    Screenshot 2024-11-21 at 12 35 47 PM (2)

    Screenshot 2024-11-21 at 12 36 04 PM

    Screenshot 2024-11-21 at 12 36 04 PM (2)

ad6641 commented 3 days ago

thanks for raising this bug! identified and fixed this bug in the linked commit. will test and merge with dev and then main once testing party is complete!