From 274962d77efd02e04703fb5c0b9e6b60d1404b62 Mon Sep 17 00:00:00 2001
From: N1m1sh4 <nimishadandriyal414@gmail.com>
Date: Wed, 1 Oct 2025 22:52:22 -0400
Subject: [PATCH] Update sql_injection_login.py

---
 vulns/sql_injection/sql_injection_login.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vulns/sql_injection/sql_injection_login.py b/vulns/sql_injection/sql_injection_login.py
index c7a2930..acfdbb9 100644
--- a/vulns/sql_injection/sql_injection_login.py
+++ b/vulns/sql_injection/sql_injection_login.py
@@ -17,6 +17,7 @@ def sql_injection_login_api(request, app):
     password = form.get('password')
     password_hash = _hash_password(password)
 
+    sql = f"SELECT * FROM users WHERE username='{username}' AND password='{password_hash}'"
     sql = f"SELECT * FROM users WHERE username='{username}' AND password='{password_hash}'"
     flask.render_template_string(username)
 
@@ -42,4 +43,4 @@ def sql_injection_login_api(request, app):
 
 def _hash_password(password):
     md5_pass = hashlib.md5(password.encode('utf-8')).hexdigest()
-    return md5_pass
\ No newline at end of file
+    return md5_pass