This example app is vulnerable to SQL injection. It is possible to inject arbitrary SQL via the message parameter of the /v1/messages POST endpoint. I have used this to delete the production messages table since it seemed nothing valuable had been stored there as of yet. Now that the table no longer exists, the SQL command will fail earlier and therefore protect the database from more nefarious attacks.
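The defect the report describes and its remediation, as an added example that is not part of the original post or of the app: a minimal stand-in for the /v1/messages POST handler, with the string-formatted INSERT that lets the message parameter be parsed as SQL beside a parameterised version that stores it as data. The table name, column and schema are assumptions.

```python
import sqlite3

# Added example, not the app's own code. The "messages" table and its
# "body" column are assumptions standing in for the real schema.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn


def store_message_vulnerable(conn, message):
    # The defect: the message is spliced into the SQL text, so any quote or
    # SQL syntax inside it becomes part of the statement the database runs.
    conn.execute("INSERT INTO messages (body) VALUES ('%s')" % message)
    conn.commit()


def store_message_fixed(conn, message):
    # The fix: a parameterised query. The message travels as a bound value
    # and is never interpreted as SQL, whatever characters it contains.
    conn.execute("INSERT INTO messages (body) VALUES (?)", (message,))
    conn.commit()


def fetch_messages(conn):
    return [row[0] for row in conn.execute("SELECT body FROM messages ORDER BY id")]


def demo(message):
    """Run one message through both handlers and report what each stored."""
    result = {}
    conn = make_db()
    try:
        store_message_vulnerable(conn, message)
        result["vulnerable"] = fetch_messages(conn)
    except sqlite3.OperationalError as exc:
        # A syntax error on ordinary text is the tell: input reached the parser.
        result["vulnerable"] = "error: %s" % exc
    conn = make_db()
    store_message_fixed(conn, message)
    result["fixed"] = fetch_messages(conn)
    return result


if __name__ == "__main__":
    print(demo("it's a test"))  # vulnerable handler errors, fixed one stores it
```

A single apostrophe is enough to show the difference: the formatted query breaks on it, which is the same mechanism that lets a crafted message run statements of its own.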