=== on 8 Dec 2018, 15:13:48 Lars Svensson wrote:
https://www.npmjs.com/package/mysql

https://www.npmjs.com/package/mysql2

https://www.npmjs.com/package/pg - docs: \https://node-postgres.com/features/queries

https://www.npmjs.com/package/sequelize - docs: \http://docs.sequelizejs.com/

=== on 8 Dec 2018, 19:19:56 Lars Svensson wrote:
Sequelize is currently the most popular Node.js ORM, with the module having ~285k downloads/week.

This OWASP project has a good example of an SQLi related to the sequelize module:

https://github.com/appsecco/dvna

sequelize.query() is used with user input concatenated to an SQL command.

include::../comments-and-links.adoc[]