```python
from flask import redirect, session, url_for


def login(db, password):  # wrapper assumed for runnability; the paste shows only the body
    # Vulnerable: the username is concatenated into the SQL string. The paste shows the
    # query after a UNION payload was submitted as the username, so the row the password
    # check sees comes from the injected SELECT rather than the intended login lookup.
    query = "SELECT * FROM users WHERE username='admin' UNION SELECT null, password, null FROM users where username='admin' -- AND password='[User Input]some_password'"
    result = db.execute(query).fetchall()
    # Then checks if the password input is equal to query output
    row = result[0]
    if row["password"] == password:  # Problematic password check
        try:
            session["user_id"] = int(row["id"])
            session["username"] = row["username"]
            return redirect(url_for("bank.index"))
        except Exception:  # the paste ends here; the original handler body is not shown
            raise
```
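Hardened form of the pasted login check, added here as an example and not the paste's own code: the username is bound as a query parameter, and the password is verified against a salted PBKDF2 hash in constant time instead of being compared to a raw column. The sqlite3 schema, the demo user and the `vulnerable_rows`/`login` helper names are assumptions constructed for this block.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

ITERATIONS = 100_000
# Constructed demo database: the real app's schema is not shown in the paste.
db = sqlite3.connect(":memory:")
db.row_factory = sqlite3.Row
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)")


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'salt$hash' (hex) using PBKDF2-HMAC-SHA256; never store plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def vulnerable_rows(username: str) -> int:
    """The paste's pattern: username spliced into the SQL text. Returns the row count."""
    query = f"SELECT * FROM users WHERE username='{username}'"
    return len(db.execute(query).fetchall())


def login(username: str, password: str) -> Optional[int]:
    """Hardened check: the placeholder keeps the username a value, not SQL, and the
    submitted password is verified against the stored hash, never compared raw."""
    row = db.execute("SELECT id, username, password FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or not verify_password(row["password"], password):
        return None
    return int(row["id"])  # the caller would store this in session["user_id"]


db.execute("INSERT INTO users (username, password) VALUES (?, ?)", ("admin", hash_password("s3cret")))

# The UNION payload from the paste, submitted as the username field (constructed input).
PAYLOAD = "admin' UNION SELECT null, password, null FROM users where username='admin' -- "
```

With the spliced query the payload widens the result set to two rows; with the bound parameter it matches no user at all, and only the real password passes the hash check.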