SQL Injectionn

This commit is contained in:
git-sandro 2026-04-17 10:22:46 +02:00
parent ee3ac8b691
commit d3f05ce4a4


@ -27,12 +27,12 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 17, "execution_count": 2,
"metadata": {}, "metadata": {},
"outputs": [], "outputs": [],
"source": [ "source": [
"# als nächstes bauen wir unsere Verbindung auf, legen eine Tabelle an und füllen diese mit zwei Usern:\n", "# als nächstes bauen wir unsere Verbindung auf, legen eine Tabelle an und füllen diese mit zwei Usern (bitte eigene Datenbank auswählen):\n",
"conn = psycopg2.connect (\"dbname=7Wochen user=postgres password=postgres\")\n", "conn = psycopg2.connect (\"dbname=7Wochen user=su password=postgres\")\n",
"\n", "\n",
"cursor = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor)\n", "cursor = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor)\n",
"\n", "\n",
@ -52,7 +52,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 18, "execution_count": 3,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
@ -62,7 +62,7 @@
" RealDictRow([('id', 2), ('username', 'user2'), ('password', 'password2')])]" " RealDictRow([('id', 2), ('username', 'user2'), ('password', 'password2')])]"
] ]
}, },
"execution_count": 18, "execution_count": 3,
"metadata": {}, "metadata": {},
"output_type": "execute_result" "output_type": "execute_result"
} }
@ -84,7 +84,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 27, "execution_count": 4,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
@ -129,14 +129,14 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 28, "execution_count": 5,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
"name": "stdout", "name": "stdout",
"output_type": "stream", "output_type": "stream",
"text": [ "text": [
"FEHLER: Zeichenkette in Anführungszeichen nicht abgeschlossen bei »'''«\n", "unterminated quoted string at or near \"'''\"\n",
"LINE 1: SELECT * FROM users WHERE username='user1' AND password='''\n", "LINE 1: SELECT * FROM users WHERE username='user1' AND password='''\n",
" ^\n", " ^\n",
"\n" "\n"
@ -171,7 +171,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 29, "execution_count": 6,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
@ -210,17 +210,14 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 37, "execution_count": 7,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [
{ {
"name": "stdout", "name": "stdout",
"output_type": "stream", "output_type": "stream",
"text": [ "text": [
"FEHLER: Zeichenkette in Anführungszeichen nicht abgeschlossen bei »' OR 1=1 --«\n", "Login fehlgeschlagen\n"
"LINE 1: ...CT * FROM users WHERE username=user1 AND password=' OR 1=1 -...\n",
" ^\n",
"\n"
] ]
} }
], ],
@ -230,7 +227,7 @@
"password = \"' OR 1=1 --\"\n", "password = \"' OR 1=1 --\"\n",
"\n", "\n",
"try:\n", "try:\n",
" cursor.execute(f\"SELECT * FROM users WHERE username={username} AND password={password}\")\n", " cursor.execute(f\"SELECT * FROM users WHERE username=%s AND password=%s\", (username, password))\n",
" user = cursor.fetchone()\n", " user = cursor.fetchone()\n",
"\n", "\n",
" if user:\n", " if user:\n",
@ -269,7 +266,7 @@
"name": "python", "name": "python",
"nbconvert_exporter": "python", "nbconvert_exporter": "python",
"pygments_lexer": "ipython3", "pygments_lexer": "ipython3",
"version": "3.12.8" "version": "3.13.9"
} }
}, },
"nbformat": 4, "nbformat": 4,
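Review bot: The parameterized `cursor.execute` call in hunk `@ -230,7 +227,7 @@` still carries the `f` string prefix although the query no longer contains any `{}` placeholder; it is harmless as written, but it invites the next edit to put `{username}` back into the string and silently reintroduce the injection this commit removes, and linters report it as an f-string without placeholders. Drop the prefix so the line reads `cursor.execute("SELECT * FROM users WHERE username=%s AND password=%s", (username, password))`. The same cell still compares the password inside the query, and the earlier output cell in hunk `@ -62,7 +62,7 @@` shows the `password` column holding plaintext values, which the commit does not address; a one-line comment in the cell such as `# Demo only: the users table stores plaintext passwords; real applications store a salted hash and verify it in application code` would keep readers from copying that part of the example. The `try:` block around this call begins inside the hunk but its `except` handling continues outside it.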