Thread: SQL injection bug for null-terminated strings?
From looking at some logs, it looks like there might be an SQL injection bug with null-terminated strings. Is this a known problem? If it is not, I will try to write a test program to trigger it. Thanks for any info.

On Sun, 31 Aug 2003, joe user wrote:

> From looking at some logs, it looks like there might
> be an SQL injection bug with null-terminated strings.
> Is this a known problem? If it is not, I will try to
> write a test program to trigger it.

This has been fixed in the development version of the driver.

See the following, check revision 1.29

http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java

Kris Jurka

Also patched into the latest 7.3 build.

--Barry

Kris Jurka wrote:
> On Sun, 31 Aug 2003, joe user wrote:
>
>> From looking at some logs, it looks like there might
>> be an SQL injection bug with null-terminated strings.
>> Is this a known problem? If it is not, I will try to
>> write a test program to trigger it.
>
> This has been fixed in the development version of the driver.
>
> See the following, check revision 1.29
>
> http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
>
> Kris Jurka