oss-sec mailing list archives
Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 31 Mar 2012 17:41:15 -0600
On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
> Hi, when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL version 9.1 database, escaping of JDBC statement parameters does not work and SQL injection attacks are possible.
>
> Steffen

I believe this is covered in the list archives.

http://seclists.org/oss-sec/2012/q1/800

--
Kurt Seifried
Red Hat Security Response Team (SRT)