write the get request for sql injection in comment

2022-04-08 14:28:21 +02:00 · 2022-04-08 14:28:21 +02:00 · 8ddd8b2942
commit 8ddd8b2942
parent 3e59c0601e
1 changed files with 10 additions and 9 deletions
--- a/Lab01/app/webpage/webpage.go
+++ b/Lab01/app/webpage/webpage.go
@ -38,17 +38,18 @@ func (wp *Webpage) defineRoutes() {
 	tasks := wp.Router.Group("/tasks")
 	{
 		tasks.GET("", func(c *gin.Context) {
-			//if wp.isLoggedInMiddleware(c) { // FOR SQL INJECTION (username=Florian OR 1=1 in Header)
-			username := c.Request.Header.Get("username")
-			filter := c.Query("filter")
-			if filter != "" {
-				tasks := wp.Database.FilteredTasks(username, filter)
+			if wp.isLoggedInMiddleware(c) {
+				username := c.Request.Header.Get("username")
+				filter := c.Query("filter")
+				if filter != "" {
+					// SQL Injection: http://localhost:8080/tasks?filter=' or 1=1--
+					tasks := wp.Database.FilteredTasks(username, filter)
+					c.JSON(200, gin.H{"tasks": tasks})
+					return
+				}
+				tasks := wp.Database.GetAllTasks(username)
 				c.JSON(200, gin.H{"tasks": tasks})
-				return
 			}
-			tasks := wp.Database.GetAllTasks(username)
-			c.JSON(200, gin.H{"tasks": tasks})
-			//}
 		})
 		tasks.POST("", func(c *gin.Context) {
 			if wp.isLoggedInMiddleware(c) {