cmc-csci040 icon indicating copy to clipboard operation
cmc-csci040 copied to clipboard
verified publisher icon mikeizbicki

Week 14 Lab

Open yeswetran opened this issue 4 years ago • 3 comments

For line 49 of secret_vault.py, VSCode gives me an error message saying Import "local_settings" could not be resolved. Any idea what I should do?

I think I figured out an effective SQL injection, but I can't properly test it until I fix the local_settings problem, since I receive this NameError once executing the exploit:

image

yeswetran avatar Dec 09 '21 23:12 yeswetran

Is it correct that the webpage runs fine when not doing a sql injection, but gives the name error only when you are doing the SQL injection? If that's the case, it means that you need to keep refining your injected SQL... you need to get something that will login without erroring.

mikeizbicki avatar Dec 09 '21 23:12 mikeizbicki

That's a good point! Thing is, url_root is not defined because it references line 49 of secretvault.py, specifically: image

so I'm not entirely sure what to do. Hopping around online forums, while teaching me a lot about SQL injections in general, have not been much help with this error in particular.

yeswetran avatar Dec 10 '21 00:12 yeswetran

Ahh, I see. VSCode is wrong (you have it linked to the newer version of python instead of this version). Just run the python in the terminal following the directions and it will run.

mikeizbicki avatar Dec 10 '21 00:12 mikeizbicki