Help Finding SQL Vulnerability in this Code

Home Forums Database Injections Help Finding SQL Vulnerability in this Code

This topic contains 0 replies, has 1 voice, and was last updated by  nesquil 8 months ago.

Viewing 1 post (of 1 total)
  • Author
  • #285

    def selectUsername(userlogin):
            username = pickle.loads(base64.decode(userlogin))
            username = "admin"
        query = "SELECT name FROM users WHERE name = '%s'"
        conn = MySQLdb.connect('localhost', 'dbAdmin', 'lka8j30lJJal##', 'blog');
        with conn:
            c = conn.cursor()
            c.execute(query, (username,))

    This is a Python script excerpt, it uses MYSQLdb to connect to a SQL database using the admin username and presumably, a hashed password.
    I believe the vulnerability is in the password, or in how the query is structered. It uses a variable placeholder %s where maybe a user could inject malicious code, however, I believe the try: and except: blocks prevent this.
    What are your thoughts on this code, do you spot any vulnerabilities?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.