Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- #
- # SQL Injection:
- # >>> Ingrese el nombre: Ale',25);DELETE FROM personas;--
- # >>> Ingrese la edad: 25
- import sqlite3
- conn = sqlite3.connect("database.sqlite")
- cursor = conn.cursor()
- nombre = input("Ingrese el nombre: ")
- edad = int(input("Ingrese la edad: "))
- cursor.executescript(f"INSERT INTO personas VALUES ('{nombre}',{edad})")
- conn.commit()
- conn.close()
- # analisis de la SQL Injection
- # INSERT INTO personas VALUES ('Ale',25);
- # DELETE FROM personas;
- # --',25)"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
