Not fully vulnerable; If the credentials do not match, it only returns the print statement "Failure". However, if it says something like print("Wrong password for ", myresult) for line 167 in main.py, then we have a big problem; it will return the account id, username, and hashed password, along with the salt.
How to replicate this (if the else statement returns something other than "Failure"):
- run main.py
- Replicate:
+ hashed password & salt (both not included for security purposes)
Again, this is not a real threat, however, random apostrophes crash the program.
Video on how to prevent SQL injection here: https://youtu.be/pd-0G0MigUA?t=898
Credit to: Corey Schafer
Not fully vulnerable; If the credentials do not match, it only returns the print statement "Failure". However, if it says something like
print("Wrong password for ", myresult)for line 167 in main.py, then we have a big problem; it will return the account id, username, and hashed password, along with the salt.How to replicate this (if the else statement returns something other than "Failure"):
Again, this is not a real threat, however, random apostrophes crash the program.
Video on how to prevent SQL injection here: https://youtu.be/pd-0G0MigUA?t=898
Credit to: Corey Schafer