Releases: li-xin-yi/SQL-inject-demo
Adjust the layout to fit more devices
Fix typo in database
- Boby -> Bobby, Samy -> Sammy
- Change their corresponding passwords
- Modify the format of phone numbers
A SQL injection demo on mobile app with safe countermeasures
Based on the previous version I developed a few days ago
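- Add a safe mode that uses
  ```java
  // Placeholders keep the SQL text fixed; user input is never spliced into it
  query = "SELECT * FROM " + TABLE_NAME + " WHERE NAME=? AND PASSWORD=?";
  // username and password are bound as values to the two ? placeholders
  cursor = db.rawQuery(query, new String[]{username, password});
  ```
  instead of directly joining variables.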
- Add a reset button to reset the polluted SQLite database to the initial table.
- Admin can now insert or delete employees in the database. I added this functionality for more flexible testing and demos on custom data.
- Detailed instructions to explore this app can be found in this manual
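
The safe mode above, next to the joined-string query it replaces, as an added example that is not code from this repository. It uses Python's `sqlite3` module so it runs outside Android against the same SQLite engine; the table name `employee`, the sample rows and the function names are assumptions constructed for the illustration.

```python
import sqlite3

TABLE_NAME = "employee"  # assumed name; the release note only shows TABLE_NAME


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE_NAME} (NAME TEXT, PASSWORD TEXT)")
    db.executemany(
        f"INSERT INTO {TABLE_NAME} VALUES (?, ?)",
        [("Admin", "constructed-admin-pw"), ("Alice", "constructed-alice-pw")],
    )
    return db


def login_concatenated(db, username, password):
    """Unsafe mode: user input is joined directly into the SQL text."""
    query = (
        "SELECT * FROM " + TABLE_NAME
        + " WHERE NAME='" + username + "' AND PASSWORD='" + password + "'"
    )
    return db.execute(query).fetchall()


def login_parameterized(db, username, password):
    """Safe mode: same query shape as the release note, values bound to ?."""
    query = "SELECT * FROM " + TABLE_NAME + " WHERE NAME=? AND PASSWORD=?"
    return db.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    for label, login in (("concatenated", login_concatenated),
                         ("parameterized", login_parameterized)):
        print(label, "valid login  :", login(db, "Alice", "constructed-alice-pw"))
        print(label, "crafted input:", login(db, "Alice", crafted))
```

With the joined string, the quote characters in the input change the `WHERE` clause and every row comes back; with bound parameters the same input is compared as a literal password and matches nothing.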
base version
Basic release