wathne / dat250-2024-assignment

MIT License

SQL injection #3

Open LisaCabot opened 1 week ago

LisaCabot commented 1 week ago

Description: The application does not sanitize its URIs or SQL queries created from user inputs, such as account creation fields, adding friends, comments, posts or editing profiles.

Potential Impact: The SQL injection vulnerability allows an attacker to extract data from the database, including user data such as personal information and login credentials.

Affected part of the application: The database and backend that handles queries.

Type of vulnerability: SQL Injection (https://cwe.mitre.org/data/definitions/89.html)

LisaCabot commented 1 day ago

Added min and max limits as well as a character limitation to all the input windows in index, friends, post, comments and profile. This should stop most if not all of the SQL injections, leaving only the url to fix.
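As an added illustration of the CWE-89 issue tracked here (example code, not the assignment's own code), the following contrasts a query built by string concatenation with a parameterized query against a constructed in-memory SQLite table; the table name, column names and the `within_limits` size check are assumptions, not taken from the project.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for an application user table (assumed schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "pw-alice"), ("bob", "pw-bob")],
    )
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Vulnerable pattern (CWE-89): user input is spliced into the SQL text,
    # so quote characters in the input change the structure of the statement.
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_param(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Hardened pattern: placeholders keep the SQL fixed; the driver passes the
    # input purely as data, whatever characters or length it has.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def within_limits(value: str, max_len: int = 20) -> bool:
    # A size check of the kind the issue describes; it bounds length only,
    # and a short input can still contain SQL metacharacters.
    return 0 < len(value) <= max_len


if __name__ == "__main__":
    db = make_db()
    # Textbook tautology input from the CWE-89 description, used only to show
    # that the parameterized version treats it as an ordinary string.
    tautology = "' OR '1'='1"
    print("length check passes:", within_limits(tautology))
    print("concatenated query :", login_concat(db, "x", tautology))
    print("parameterized query:", login_param(db, "x", tautology))
```

Running the script shows the concatenated query returning every user while the parameterized one returns no rows, even though the input passes the length check.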