Vulnerability Development mailing list archives
Re: malformed sql queries
From: pgut001 () cs auckland ac nz (Peter Gutmann)
Date: Sun, 30 Dec 2001 17:05:05 +1300 (NZDT)
"JayBonci" <jay () manifestresearch com> writes:
Problem is, it's a different problem when using ODBC stuff and when doing say a standard connection to a mysql server. I don't see anything vulnerable (this by no means that it's not) with a % (or any other mysql regexp), because you need to explicitly call that regular expression with a LIKE statement in order for it to do anything.
I was more concerned about people doing things like using %39 to escape filtering for ' characters, a la Microsoft's continuing ".." problems.

Peter.
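Added example, not part of the original post or thread: a minimal Python/sqlite3 sketch of the ordering problem raised above, where a quote filter that runs before percent-decoding lets an encoded quote through, shown beside decode-then-validate and a bound parameter. The table, the function names and the sample input are all constructed for illustration.

```python
import sqlite3
from urllib.parse import quote, unquote

def naive_filter(raw):
    # Flawed order: the quote check runs on the still-encoded value.
    if "'" in raw:
        raise ValueError("quote rejected")
    return unquote(raw)  # decoding after the check brings the quote back

def canonical_filter(raw, max_layers=5):
    # Decode until the value stops changing, then validate the canonical form.
    value = raw
    for _ in range(max_layers):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    if "'" in value:
        raise ValueError("quote rejected")
    return value

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, name):
    # 'Before' form: the value becomes part of the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened form: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    db = make_db()
    raw = "bob" + quote("' OR '1'='1")  # constructed sample input
    passed = naive_filter(raw)
    try:
        canonical_filter(raw)
        rejected = False
    except ValueError:
        rejected = True
    return len(lookup_concat(db, passed)), len(lookup_param(db, passed)), rejected

if __name__ == "__main__":
    print(demo())
```

The bound-parameter lookup returns no rows even when the filter is bypassed, which is why it is the primary control and input filtering only a secondary one.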
Current thread:
- malformed sql queries Gabriel A. Maggiotti (Dec 29)
- Re: malformed sql queries JayBonci (Dec 29)
- Re: malformed sql queries Francois Scala (Dec 30)
- <Possible follow-ups>
- Re: malformed sql queries Peter Gutmann (Dec 29)
- Re: malformed sql queries JayBonci (Dec 29)
- Re: malformed sql queries Peter Gutmann (Dec 29)
- Re: malformed sql queries Blue Boar (Dec 29)
- Re: malformed sql queries Kevin Hegg (Dec 31)