Closed yeswetran closed 1 year ago
Is it correct that the webpage runs fine when not doing a sql injection, but gives the name error only when you are doing the SQL injection? If that's the case, it means that you need to keep refining your injected SQL... you need to get something that will login without erroring.
That's a good point! Thing is, url_root
is not defined because it references line 49 of secretvault.py
, specifically:
so I'm not entirely sure what to do. Hopping around online forums, while teaching me a lot about SQL injections in general, have not been much help with this error in particular.
Ahh, I see. VSCode is wrong (you have it linked to the newer version of python instead of this version). Just run the python in the terminal following the directions and it will run.
For line 49 of
secret_vault.py
, VSCode gives me an error message sayingImport "local_settings" could not be resolved
. Any idea what I should do?I think I figured out an effective SQL injection, but I can't properly test it until I fix the local_settings problem, since I receive this NameError once executing the exploit: