63. from django.db import models
class Snippet(models.Model):
title = models.CharField(' ', max_length=128)
class Meta:
db_table = 'snippets' # snippets
64. def sql_injection(request):
if 'snippet' not in request.GET:
html = Template(_form_html).render(Context())
else:
snippet_id = request.GET['snippet']
sql = "SELECT id, title FROM snippets WHERE id =
'{}';".format(snippet_id)
snippet = Snippet.objects.raw(sql)
html = Template(_snippet_list_template).render(Context({'snippet':
snippet}))
return HttpResponse(html)
65. '; DELETE FROM snippets WHERE '1' = '1
sql
(Pdb) sql
"SELECT id, title FROM snippets WHERE id = ''; DELETE FROM snippets WHERE
'1' = '1';"
※sqlite3 Python slqite3 execute
https://docs.python.org/3/library/sqlite3.html#sqlite3.Cursor
sqlite3.Warning: You can only execute one statement at a time.