SQL injection found

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System ‑ RDBMS).

Define POST variables

uname = request.POST['username']

passwd = request.POST['password']

SQL query vulnerable to SQLi

Execute the SQL statement database.execute(sql)

The above script is a simple example of authenticating a user with a username and a password against a database with a table named users, and a username and password column.