Improve sqlite3 injection attack example

python · erlend-aasland · Dec 8, 2022 · Nov 9, 2022 · Nov 9, 2022 · Nov 16, 2022
commit 867b98e84d445db4b1affb0ddeacda2ef3efe16a
@@ -1872,7 +1872,10 @@ are vulnerable to `SQL injection attacks`_ (see the `xkcd webcomic
 <https://xkcd.com/327/>`_ for a humorous example of what can go wrong)::
 
    # Never do this -- insecure!
-   symbol = 'RHAT'
+   # An attacker can select all stocks by entering "' OR 1 = 1; --", or load any
+   # extension by entering "' OR load_extension('./any.so'); --" when extension
+   # loading is enabled.
+   symbol = input()
    cur.execute("SELECT * FROM stocks WHERE symbol = '%s'" % symbol)
 
 Instead, use the DB-API's parameter substitution. To insert a variable into a