Skip to content

Commit

Permalink
Updated docs
Browse files Browse the repository at this point in the history
  • Loading branch information
subashsn committed Aug 20, 2018
1 parent ffe81de commit 073b15e
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 2 deletions.
Binary file modified docs/resources/sqli1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion docs/solution/a1-injection.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ http://127.0.0.1:9090/app/usersearch
By injecting a single quote `'`, we see an error has occurred.
![sqli1](/resources/sqli1.png "SQLi Trigger")

An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' --`
An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' -- //`
![sqli2](/resources/sqli2.png "Exploiting SQLi")

**Vulnerable Code snippet**
Expand Down
3 changes: 2 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@
"doc": "docs"
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node server.js"
},
"author": "sns",
"license": "MIT",
Expand Down

0 comments on commit 073b15e

Please sign in to comment.