Open scorpiontornado opened 8 months ago
TODO - display results (loop template), javascript query viewer, redteaming test, add padding on right of search bar
Update hint. ILIKE not supported, only LIKE and LOWER()/UPPER(). Also, zid is a number, not a string... can't use LIKE anyway. Do we want them to be able to enter first and last name? Or ZID? The former would allow us to use the LIKE thing to display all rows, but idk if it's realistic. ZID lookup of people's names/emails seems more realistic to me, considering you wouldn't often want to go from name -> ZID as they are arbitrary.
Find another way to avoid the bug "no such column: test" when entering a non-numeric value like "test". This way prevents you from injecting anything rip
UNION attack, cross-table. sqlite_master table (equivalent of MySQL's information_schema).
See Kris' SQLI prerecorded lecture for more info.
What do people care about at uni/highschool? Clothes/shopping... MARKS!
Might be strikingly close to Kris' example (he also does marks + sqlite), but I could either implement it differently or simply just distinguish with my query viewer. Also, I have no idea how that was coded so I'd still be figuring things out and learning.
TODO:
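As an added illustration of the two points raised above (the "no such column: test" error that a string-built `WHERE zid = ...` query throws on non-numeric input, and case-insensitive name matching in SQLite without ILIKE), here is a small stand-alone Python/`sqlite3` example. It is not code from this repository; the `students` table, its columns and the rows in it are constructed here for the demo, and the function names are assumptions.

```python
import sqlite3

# Constructed sample data (not the project's real table): zID, first name, last name, email.
SAMPLE_ROWS = [
    (5123456, "Ada", "Lovelace", "z5123456@example.edu"),
    (5234567, "Alan", "Turing", "z5234567@example.edu"),
    (5345678, "Grace", "Hopper", "z5345678@example.edu"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed students table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students (zid INTEGER PRIMARY KEY, first TEXT, last TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO students VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_by_zid_unsafe(conn, user_input):
    """String-built query: the shape that raises 'no such column: test' when the
    input is not a number, because SQLite reads the bare word as a column name.
    Kept only to show the failure mode."""
    query = f"SELECT zid, first, last, email FROM students WHERE zid = {user_input}"
    return conn.execute(query).fetchall()


def unsafe_error_text(conn, user_input):
    """Return the error text the unsafe query raises for this input ('' if it succeeds)."""
    try:
        lookup_by_zid_unsafe(conn, user_input)
        return ""
    except sqlite3.OperationalError as exc:
        return str(exc)


def lookup_by_zid(conn, user_input):
    """Bound-parameter zID lookup. Non-numeric input yields no rows instead of an error,
    and the input is never spliced into the SQL text."""
    try:
        zid = int(user_input)
    except ValueError:
        return []
    return conn.execute(
        "SELECT zid, first, last, email FROM students WHERE zid = ?", (zid,)
    ).fetchall()


def lookup_by_name(conn, user_input):
    """Case-insensitive name search. SQLite has no ILIKE, so LOWER() on the column
    expression plus a lower-cased LIKE pattern gives the same effect; the pattern is
    still passed as a bound parameter, and an empty search string lists every row."""
    pattern = f"%{user_input.lower()}%"
    return conn.execute(
        "SELECT zid, first, last, email FROM students "
        "WHERE LOWER(first || ' ' || last) LIKE ?",
        (pattern,),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(unsafe_error_text(db, "test"))      # the error the TODO mentions
    print(lookup_by_zid(db, "test"))          # [] with the bound-parameter version
    print(lookup_by_zid(db, "5123456"))
    print(lookup_by_name(db, "TUR"))
```

The `lookup_by_zid` / `lookup_by_name` pair is the shape a non-vulnerable version of the lookup would take; the `lookup_by_zid_unsafe` function just reproduces the error from the TODO so the two can be compared side by side.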