Help Finding SQL Vulnerability in this Code


This topic contains 0 replies, has 1 voice, and was last updated by  nesquil 3 months, 3 weeks ago.

Viewing 1 post (of 1 total)
    #285

    nesquil
    Participant
    import base64
    import pickle

    import MySQLdb

    def selectUsername(userlogin):
        try:
            # The caller-supplied token is base64-decoded and then unpickled
            username = pickle.loads(base64.b64decode(userlogin))
        except Exception:
            # Any decoding failure silently falls back to the admin account
            username = "admin"
        # %s is MySQLdb's parameter placeholder; execute() quotes the bound value,
        # so the placeholder itself must not be wrapped in quotes
        query = "SELECT name FROM users WHERE name = %s"
        conn = MySQLdb.connect('localhost', 'dbAdmin', 'lka8j30lJJal##', 'blog')
        with conn:
            c = conn.cursor()
            c.execute(query, (username,))
            return c.fetchone()
    

    This is a Python script excerpt; it uses MySQLdb to connect to a SQL database using the admin username and, presumably, a hashed password.
    I believe the vulnerability is in the password, or in how the query is structured. It uses a variable placeholder %s where maybe a user could inject malicious code; however, I believe the try: and except: blocks prevent this.
    What are your thoughts on this code, do you spot any vulnerabilities?
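    As an added example (not part of the original post and not the poster's code), the following shows the two things worth checking in that snippet: that a bound parameter is compared as a literal value, so the %s placeholder is not the injection point, and that the base64-then-pickle step can be replaced by a plain-string decode with validation, so the token can never carry a serialized object. The standard-library sqlite3 module stands in for MySQLdb (its placeholder is ? rather than %s), and the users table and tokens are constructed for the demo.

    ```python
    import base64
    import re
    import sqlite3

    # Allow-list for what a login token may decode to (assumed policy)
    USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


    def decode_username(userlogin: str) -> str:
        """Hardened replacement for pickle.loads(base64...): the token is a
        base64-encoded plain string and is never passed to a deserializer."""
        raw = base64.b64decode(userlogin, validate=True)  # rejects non-base64 input
        name = raw.decode("utf-8")                        # rejects non-text bytes
        if not USERNAME_RE.fullmatch(name):
            raise ValueError("username contains unexpected characters")
        return name


    def lookup_raw(conn, username: str):
        """Same query shape as the post, with the value bound by the driver.
        sqlite3 uses ? where MySQLdb uses %s; neither interpolates the string."""
        cur = conn.execute("SELECT name FROM users WHERE name = ?", (username,))
        return [row[0] for row in cur.fetchall()]


    def select_username(conn, userlogin: str):
        # No fallback to "admin": an undecodable token is an error, not an upgrade
        return lookup_raw(conn, decode_username(userlogin))


    def build_demo_db():
        # Constructed in-memory table standing in for the 'blog' database;
        # real credentials would come from the environment, not source code
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE users (name TEXT)")
        conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("admin",)])
        return conn


    def token(name: str) -> str:
        # Helper to build a valid login token for the demo
        return base64.b64encode(name.encode("utf-8")).decode("ascii")


    if __name__ == "__main__":
        db = build_demo_db()
        print(select_username(db, token("alice")))      # ['alice']
        print(lookup_raw(db, "' OR '1'='1"))            # []  (bound, not spliced)
    ```
    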

