WebApp Sec: Hibernate Query Language

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Hibernate Query Language

From: alfredhitchcock_007 () yahoo com
Date: 10 Nov 2005 07:33:42 -0000

Hi All,

I am being tasked to do a comprehensive security audit for a java application. This java application is using Hibernate 
Query Language (HQL). Does anybody have an idea about vulnerable API's in HQL? How do I find out vulnerable SQL 
constructs in this language? 

I am thorough with SQL Injection where Dynamic queries and normal stored procedures are being used. But HQL uses 
different API's to construct the SQL query. Can anybody help me in identifying potential issues with HQL?

By Date By Thread

Current thread:

Hibernate Query Language alfredhitchcock_007 (Nov 10)
- Re: Hibernate Query Language Andrew van der Stock (Nov 10)
  - RE: Hibernate Query Language Benjamin Livshits (Nov 10)
- Re: Hibernate Query Language ThorOdino () X-Planet org (Nov 10)