Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 31 Mar 2012 17:41:15 -0600

On 03/31/2012 10:20 AM, Steffen Dettmer wrote:
Hi,

when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL
version 9.1 database, escaping of JDBC statement parameters does
not work and SQL injection attacks are possible.


Steffen


I believe this is covered in the list archives.

http://seclists.org/oss-sec/2012/q1/800

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]