SQL Insert error for some region

[goRaspy]

Look like the script do not like people from "Provence Alpes cote d'Azur" region (France)

Trape look to be insane anyway :)

: fd54b
[*] It's his first time
[2017-11-04 00:42:07,868] ERROR in app: Exception on /register [POST]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functionsrule.endpoint
File "/root/trape/core/victim.py", line 61, in register
db.sentences_victim('insert_victim_geo', [victimGeo, vId], 2)
File "/root/trape/core/db.py", line 94, in sentences_victim
return self.sql_insert(self.prop_sentences_victim(type, data))
File "/root/trape/core/db.py", line 39, in sql_insert
self.cursor.execute(sentence)
OperationalError: near "Azur": syntax error

[almapro]

SQL injection in insert_victim_geo!
Wait for them to maybe fix it with prepare statement if that's available in python :/

[st4nn]

@goRaspy @almapro Thanks guys for commenting, I've pushed a new commit, I hope solved the bug.

Thanks again and Happy Hack

[goRaspy]

Now, works like a charm. Many thanks

[jofpin]

@goRaspy Thanks to you, enjoy it and share it with your friends.