Takes advantage of an unsecure login system and inject SQL.
import sqlite3 def login(username, password): conn = sqlite3.connect('users.db') c = conn.cursor() c.execute('SELECT * FROM users WHERE username=? and password=?', (username, password)) result = c.fetchone() if result: return True else: return False