moktar
9/25/2019 - 1:28 PM
laravel security
dork: filetype:env APP_ENV
Route::get('sql-injection-vulnerable', function() {
$name = "'Bobby' OR 1=1";
return DB::select(
DB::raw("SELECT * FROM cats WHERE name = $name"));
});
Route::get('sql-injection-not-vulnerable', function() {
$name = "'Bobby' OR 1=1";
return DB::select(
DB::raw("SELECT * FROM cats WHERE name = ?", [$name]));
});