If you have come this far, great job!
Suggestions:
- Try to create new database tables
- Try to drop database tables
- Extract all data from tables
- Replace the whole voting page with a completely new page
- Send cookie data to your own separate attacker website
✏️ Open the application and try to fix the vulnerabilities that we have uncovered during the exercises.
📖 Prepared statements in the sqlite3 library: https://github.com/TryGhost/node-sqlite3/wiki/API#preparesql--param---callback
📖 Example of sanitizing input in Express.js: https://express-validator.github.io/docs/guides/getting-started/#sanitizing-inputs
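
One way to apply the two fixes referenced above, as an added example that is not the workshop application's own code. The table and column names (`votes`, `candidate_id`, `comment`), the function names and the recording stand-in for the sqlite3 `Database` object are assumptions made so the example runs offline.

```javascript
// Added example. Table/column names (votes, candidate_id, comment) are
// assumptions; the workshop application's real schema may differ.

// Input validation: accept only a positive integer id, reject everything else.
function parseCandidateId(raw) {
  const s = String(raw).trim();
  return /^[1-9][0-9]{0,8}$/.test(s) ? Number(s) : null;
}

// Output encoding for text placed in HTML element content or quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Prepared statement: the SQL text is a constant and user input travels only
// as bound parameters (node-sqlite3 db.prepare / stmt.run / stmt.finalize).
function castVote(db, rawCandidateId, comment, callback) {
  const candidateId = parseCandidateId(rawCandidateId);
  if (candidateId === null) return callback(new Error('invalid candidate id'));
  const stmt = db.prepare('INSERT INTO votes (candidate_id, comment) VALUES (?, ?)');
  stmt.run([candidateId, String(comment)], (err) => {
    stmt.finalize();
    callback(err || null);
  });
}

// Encode at output time, so stored text is never interpreted as markup.
function renderComment(comment) {
  return '<li class="comment">' + escapeHtml(comment) + '</li>';
}

// Constructed stand-in for a node-sqlite3 Database: records what would reach SQLite.
function makeRecordingDb() {
  const log = [];
  const prepare = (sql) => ({
    run(params, cb) { log.push({ sql, params }); cb(null); },
    finalize() {},
  });
  return { log, prepare };
}

// Constructed sample input: one valid vote, one with a malformed id.
function demo() {
  const db = makeRecordingDb();
  const results = [];
  castVote(db, '2', "it's <b>great</b>", (err) => results.push(err));
  castVote(db, '2abc', 'ignored', (err) => results.push(err));
  return { db, results, html: renderComment(db.log[0].params[1]) };
}
```

With the real library, pass the object returned by `new sqlite3.Database(...)` as `db`; the quote and the tag in the sample comment are stored verbatim as data and only encoded when rendered.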