atearjen · altearjen · May 28, 2024 · May 28, 2024 · semgrep-code-atearjen · May 28, 2024
diff --git a/vulns/sql_injection/sql_injection_login.py b/vulns/sql_injection/sql_injection_login.py
@@ -40,6 +40,71 @@ def sql_injection_login_api(request, app):
     )
 
 
+def sql_injection_login_apiiiii(request, app):
+    form = request.form
+
+    username = form.get('username')
+    password = form.get('password')
+    password_hash = _hash_password(password)
+
+    sql = f"SELECT * FROM users WHERE username='{username}' AND password='{password_hash}'"
+    flask.render_template_string(username)
+
+    db_result = app.db_helper.execute_read(sql)
+
+    user = list(
+        map(
+            lambda u: {
+                'id': u[0],
+                'username': u[1],
+                'password': u[2]
+            },
+            db_result
+        )
+    )[0] if len(db_result) > 0 else None
+
+    return render_template(
+        'sql_injection/login.html',
+        sql=sql,
+        logged=user is not None
+    )
+
+
+
+
+
+def sql_injection_login_apis(request, app):
+    form = request.form
+
+    username = form.get('username')
+    password = form.get('password')
+    password_hash = _hash_password(password)
+
+    sql = f"SELECT * FROM users WHERE username='{username}' AND password='{password_hash}'"
+    flask.render_template_string(username)
+
+    db_result = app.db_helper.execute_read(sql)
+
+    user = list(
+        map(
+            lambda u: {
+                'id': u[0],
+                'username': u[1],
+                'password': u[2]
+            },
+            db_result
+        )
+    )[0] if len(db_result) > 0 else None
+
+    return render_template(
+        'sql_injection/login.html',
+        sql=sql,
+        logged=user is not None
+    )
+
+
+
+
 def _hash_password(password):
     md5_pass = hashlib.md5(password.encode('utf-8')).hexdigest()
     return md5_pass