MAJOR SECURITY BUG: Possibly Vulnerable to SQL Injections #7

Open
ShaneWD opened this issue Dec 17, 2020 · 0 comments
Labels
wontfix This will not be worked on

Comments

Owner

ShaneWD commented Dec 17, 2020

Not fully vulnerable; if the credentials do not match, it only returns the print statement "Failure". However, if it says something like print("Wrong password for ", myresult) for line 167 in main.py, then we have a big problem; it will return the account id, username, and hashed password, along with the salt.

How to replicate this (if the else statement returns something other than "Failure"):

  • run main.py
  • Replicate:
    image
    image + hashed password & salt (both not included for security purposes)

Again, this is not a real threat; however, random apostrophes crash the program.

Video on how to prevent SQL injection here: https://youtu.be/pd-0G0MigUA?t=898

Credit to: Corey Schafer
@ShaneWD ShaneWD added bug Something isn't working wontfix This will not be worked on and removed bug Something isn't working labels Dec 17, 2020
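An added example, not code from this repository: it contrasts a string-built lookup with a parameterized one to show why a stray apostrophe crashes the first, and keeps the failure path to a fixed string so the row (id, username, hash, salt) is never echoed. The schema, function names, sample account and the use of sqlite3 are assumptions, since the issue does not show main.py.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed schema and sample account; the project's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
               "pw_hash BLOB, salt BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, pw_hash, salt) VALUES (?, ?, ?)",
               ("o'brien", hash_password("correct horse", salt), salt))
    return db

def lookup_unsafe(db, username):
    # "Before": input is pasted into the SQL text, so an apostrophe ends the
    # string literal early and the statement no longer parses.
    sql = "SELECT id, username, pw_hash, salt FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchone()

def lookup_safe(db, username):
    # "After": the value is bound separately from the SQL text.
    # sqlite3 uses ? placeholders; mysql.connector uses %s.
    sql = "SELECT id, username, pw_hash, salt FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchone()

def unsafe_crashes(db, username):
    # Reports whether the string-built query raises for this input.
    try:
        lookup_unsafe(db, username)
        return False
    except sqlite3.OperationalError:
        return True

def login(db, username, password):
    row = lookup_safe(db, username)
    if row is None:
        return "Failure"
    _id, _name, pw_hash, salt = row
    ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
    # The caller only ever sees a fixed string, never the fetched row.
    return "Success" if ok else "Failure"
```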