Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Challenge #13 : SQL Injection #155

Closed
rallapallinagarjun opened this issue Nov 16, 2022 · 2 comments
Closed

Challenge #13 : SQL Injection #155

rallapallinagarjun opened this issue Nov 16, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@rallapallinagarjun
Copy link

image

Challenge 12 and 13 are somewhat related to each other.
NoSQL Injection can be cracked “manually” on /community/api/v2/coupon/validate-coupon - {"coupon_code":"TRAC075"} on this endpoint.
The same endpoint cant have SQL injection attack, because the table will be a part of NoSQL DB. (for coupons)
How can the same endpoint be used for SQL injection, if a different column of the same table (For Challenge 12) will be updated to redeem an already claimed Coupon, and the table is NoSQL based....
@rallapallinagarjun rallapallinagarjun added the enhancement New feature or request label Nov 16, 2022
@piyushroshan
Copy link
Collaborator

Since the service tracking the coupon redemption is different, it can have its own stack. Do look at the apis/postman_collections to learn more.

@nikhil-rajesh
Copy link
Collaborator

It is not the same endpoint but a different endpoint which is coupon related.
Closing this issue as it is more of a doubt than issue. Please reopen a thread in discussion forum if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@piyushroshan @nikhil-rajesh @rallapallinagarjun