Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mutliple SQL Injection Security Vulnerabilities #3

Open
tch1bo opened this issue Jan 16, 2019 · 0 comments
Open

Mutliple SQL Injection Security Vulnerabilities #3

tch1bo opened this issue Jan 16, 2019 · 0 comments

Comments

@tch1bo
Copy link

tch1bo commented Jan 16, 2019

Hello,

I noticed several SQL Injections in Server/database.py.

For example:

VideoHub/Server/database.py

Line 28 in dcc3308

done1 = self.cur.execute("SELECT password FROM users WHERE username=\"{}\"".format(username))

The issue here is that the unsanitized username is used to build an SQL query, which then gets executed. This allows attackers to own the database (see the OWASP page above for a complete list of risks).

To fix the issue i would suggest using prepared statements.
For example,
done1 = self.cur.execute("SELECT password FROM users WHERE username=\"{}\"".format(username))

can be rewritten to:

done1 = self.cur.execute("SELECT password FROM users WHERE username='%s'", username)

(all the other similar lines should be changed accordingly).

I found the bug while testing DeepCode’s AI Code Review. The tool can help you automate the process of finding such (and many other types of) bugs. You can sign-up your repo (free for Open Source) to receive notifications whenever new bugs are detected. You can give it a try here.

Any feedback is more than welcome at [email protected].
Cheers, Victor.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tch1bo