Conversation
- Show how interpolating raw user input into SQL (for example, using `.raw()` or `orderByRaw(req.query.sort)`) can open up injection vulnerabilities.
- Use a Snippets-style example, such as an endpoint that sorts results based on a `sort` query parameter, to demonstrate how a malicious value could modify the query.
- Contrast this with safe usage of the Knex Query Builder and parameter binding.
Should we consider adding the SQL injection snippet for the actual demonstration of how the data would be affected if used incorrectly? It probably could be a nice addition to show what exactly happens if such a thing is executed (sorry if it was written somewhere and I missed it). Considering that it is `orderByRaw`, it is a blind SQL injection as far as I know, so it is not the easiest one to reproduce yourself if you do not know where to look. Maybe something like this could suffice:
(CASE WHEN (SELECT COUNT(*) FROM users WHERE email='admin@test.com') > 0 THEN email ELSE password END)
They should be able to figure it out in the exercise themselves, but I added the snippet you provided as an example for the mentor :)
Reference: #275
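The contrast the checklist asks for, as an added example that is not part of this PR or the project's own exercise code: a vulnerable builder that pastes the `sort` query parameter straight into the ORDER BY clause (the same shape as `orderByRaw(req.query.sort)`), next to a safe builder that first maps the parameter onto an allowlist of columns and directions. Knex is not required; both functions emit SQL text so the difference is visible and testable offline. The `column:direction` parameter format, the allowlisted column names and the `users` table are assumptions made for the example; the payload is the one quoted in the review thread above, used only as a test input.

```javascript
// Constructed test input: the expression quoted in the review comment.
// It is a valid SQL expression, which is exactly why raw interpolation
// accepts it: the database evaluates it instead of treating it as data.
const PAYLOAD =
  "(CASE WHEN (SELECT COUNT(*) FROM users WHERE email='admin@test.com') > 0 THEN email ELSE password END)";

// Vulnerable pattern (mirrors knex's orderByRaw(req.query.sort)): the
// parameter becomes part of the SQL text verbatim, so any expression the
// caller supplies is parsed and run by the database.
function vulnerableOrderBy(sortParam) {
  return `SELECT id, email FROM users ORDER BY ${sortParam}`;
}

// Safe pattern: only identifiers the developer wrote can reach the query.
// Assumed allowlists for this example.
const SORTABLE_COLUMNS = new Set(['id', 'email', 'created_at']);
const DIRECTIONS = new Set(['asc', 'desc']);

// Parses an assumed "column:direction" parameter (direction optional) and
// rejects anything outside the allowlists before any SQL is built.
function parseSort(sortParam, fallback = { column: 'id', direction: 'asc' }) {
  if (typeof sortParam !== 'string' || sortParam === '') return fallback;
  const [rawColumn, rawDirection = 'asc'] = sortParam.split(':');
  const column = rawColumn.trim();
  const direction = rawDirection.trim().toLowerCase();
  if (!SORTABLE_COLUMNS.has(column) || !DIRECTIONS.has(direction)) {
    throw new RangeError(`unsupported sort parameter: ${JSON.stringify(sortParam)}`);
  }
  return { column, direction };
}

// With knex this is knex('users').select('id', 'email').orderBy(column, direction);
// the builder receives a validated identifier and a direction keyword, never
// user-controlled SQL text.
function safeOrderBy(sortParam) {
  const { column, direction } = parseSort(sortParam);
  return `SELECT id, email FROM users ORDER BY ${column} ${direction}`;
}

// Wraps safeOrderBy so a request handler can turn a rejected parameter into
// a 400 response instead of a raised error.
function safeOrderByStatus(sortParam) {
  try {
    return { ok: true, sql: safeOrderBy(sortParam) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

module.exports = { PAYLOAD, vulnerableOrderBy, safeOrderBy, safeOrderByStatus, parseSort };
```

Running the payload through both builders shows the point of the exercise: `vulnerableOrderBy(PAYLOAD)` yields a query whose ordering depends on a subquery against another row, while `safeOrderByStatus(PAYLOAD)` returns `ok: false` because the value matches no allowlisted column. Note that validation, not escaping, is the right tool here: ORDER BY takes an identifier, and identifiers cannot be passed as bound parameters in most drivers, so an allowlist is what keeps the builder call safe.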