Home > mailing lists

Re: a vulnerability in PostgreSQL - Mailing list pgsql-hackers

From	Tatsuo Ishii
Subject	Re: a vulnerability in PostgreSQL
Date	May 2, 2002 12:38:43
Msg-id	20020502223719Q.t-ishii@sra.co.jp Whole thread Raw
In response to	Re: a vulnerability in PostgreSQL (Lincoln Yeoh <lyeoh@pop.jaring.my>)
Responses	Re: a vulnerability in PostgreSQL (Tatsuo Ishii <t-ishii@sra.co.jp>) Re: a vulnerability in PostgreSQL (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-hackers

Tree view

> Oops. How about:
> 
> foo'; DROP TABLE t1; -- foo
> 
> The last ' gets removed, leaving -- (81a2).
> 
> So you get:
> select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2)

This surely works:-< Ok, you gave me an enough example that shows even
7.1.x and 7.0.x are not safe.

Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be
posted soon.

pgsql-hackers by date:

From: Hannu Krosing
Date: 02 May 2002, 12:09:31
Subject: Re: PostgreSQL mission statement?

From: Umang Patel
Date: 02 May 2002, 12:43:49
Subject: ...

Re: a vulnerability in PostgreSQL - Mailing list pgsql-hackers

Previous

Next