Open scorpiontornado opened 11 months ago
Will steal from SQLI2 instead, as a blacklist would be quite lacklustre for a login system - are you just gonna replace all ORs? What if their name was Eleanor? Doing it with the student data table, UNION, WHERE etc gives a lot more freedom to play with this.
From quoccabank sqli3:
```python
from flask import Flask, request, render_template

app = Flask(__name__)


@app.route('/', methods=['GET'])
def root():
    query = request.args.get('q')
    if query is not None:
        # super powerful WAF: deletes each blacklisted keyword from the query string
        for bad in ['union', 'select', 'from', 'where', 'UNION', 'SELECT', 'FROM', 'WHERE']:
            query = query.replace(bad, '')
        return render_template('home.html', query=query, results=get_results(query))
    return render_template('home.html')


def execute(query, parameters=None):
    # yappa yappa
    ...


def get_results(q=None):
    if q:
        # intentionally vulnerable: the filtered string is spliced straight into the SQL
        results = execute(f"SELECT * FROM search_engine WHERE title LIKE '%{q}%' OR description LIKE '%{q}%' OR link LIKE '%{q}%'")
    else:
        results = execute("SELECT * FROM search_engine")
    return results.fetchall() if results else []
```
Blacklist
Steal the login template/backend from SQLI1, and just replace keywords with the empty string before sending the query. The same replacement should also be applied in the query viewer.
Also write hints.
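To make the "lacklustre blacklist" point concrete for whoever writes the hints, here is an added example (not code from the quoccabank repo) that runs the sqli3 keyword filter against a constructed in-memory search_engine table and compares it with a parameterised query. The table rows, the SQLite backend and the search helper names are my own assumptions; it shows how the filter mangles legitimate searches and how a plain apostrophe breaks the spliced query, while the bound-parameter version treats keywords and quotes as data.

```python
import sqlite3

# The challenge's keyword list, copied from the sqli3 snippet.
BLACKLIST = ['union', 'select', 'from', 'where', 'UNION', 'SELECT', 'FROM', 'WHERE']


def blacklist_filter(q):
    """The 'super powerful WAF' from the snippet: delete each keyword wherever it appears."""
    for bad in BLACKLIST:
        q = q.replace(bad, '')
    return q


def make_db():
    """Constructed sample rows (assumption) for the search_engine table the snippet queries."""
    conn = sqlite3.connect(':memory:')
    conn.execute("CREATE TABLE search_engine (title TEXT, description TEXT, link TEXT)")
    conn.executemany("INSERT INTO search_engine VALUES (?, ?, ?)", [
        ("Eleanor's blog", "posts by Eleanor", "https://example.invalid/eleanor"),
        ("Where to eat", "restaurant guide", "https://example.invalid/where"),
        ("Cheese from France", "fromage guide", "https://example.invalid/cheese"),
        ("Account management", "manage your settings", "https://example.invalid/account"),
    ])
    return conn


def search_filtered(conn, q):
    """The challenge's pattern: blacklist, then splice the string into the SQL.
    Returns sorted titles, or None when the resulting SQL fails to parse."""
    q = blacklist_filter(q)
    sql = (f"SELECT title FROM search_engine WHERE title LIKE '%{q}%' "
           f"OR description LIKE '%{q}%' OR link LIKE '%{q}%'")
    try:
        return sorted(r[0] for r in conn.execute(sql).fetchall())
    except sqlite3.Error:
        return None


def search_parameterised(conn, q):
    """Hardened form: bind the search term; keywords and quotes are just data."""
    pattern = f"%{q}%"
    sql = ("SELECT title FROM search_engine WHERE title LIKE ? "
           "OR description LIKE ? OR link LIKE ?")
    return sorted(r[0] for r in conn.execute(sql, (pattern, pattern, pattern)).fetchall())


if __name__ == '__main__':
    db = make_db()
    for term in ("where", "fromage", "Eleanor's"):
        print(term, '->', search_filtered(db, term), 'vs', search_parameterised(db, term))
```

Searching "where" through the filter becomes an empty wildcard that returns every row, "fromage" becomes "age" and pulls in unrelated rows, and "Eleanor's" crashes the spliced query outright; the parameterised version returns exactly one matching row in each case.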