From 9633a2005a8e64e48778d505f88ab74cd373e90f Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Sat, 9 Dec 2023 19:23:48 +0100
Subject: [PATCH] add a sql injection threat

---
 docs/unsure-where-to-put/threat_analysis_star_activity.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/unsure-where-to-put/threat_analysis_star_activity.md b/docs/unsure-where-to-put/threat_analysis_star_activity.md
index 33c67db24b..5ed938348c 100644
--- a/docs/unsure-where-to-put/threat_analysis_star_activity.md
+++ b/docs/unsure-where-to-put/threat_analysis_star_activity.md
@@ -70,10 +70,12 @@ flowchart TD
 ### Actors
 
 1. **Script Kiddies**: Boored teens, willing to do some illigal without deep knowlege of tech details but broad knowlege across internet discussions. Able to do some bash / python scripting.
+2. **Experienced Hacker**: Hacker with deep knowlege.
 
 ### Threat
 
-1. Script Kiddi sends a Star Activity containing an attack target url `http://attacked.target/very/special/path` in place of actor. Our repository server sends an `get Person Actor` request to this url. The attacked target gets DenialdOffServices. We loose CPU & reputation.
+1. Script Kiddi sends a Star Activity containing an attack actor url `http://attacked.target/very/special/path` in place of actor. Our repository server sends an `get Person Actor` request to this url. The attacked target gets DenialdOffServices. We loose CPU & reputation.
+2. Experienced hacker sends a Star Activity containing an actor url pointing to an evil forgejo instance. Our repository server sends an `get Person Actor` request to this instance and get a person having sth. like  `; drop database;` in its name. If our server tries to create a new user out of this persion, the db might be droped.
 
 ### DREAD-Score