List:       sqlite-users
Subject:    Re: [sqlite] insert statements with user input in bash script
From:       Raymond van Daelen <raymond.van-daelen () keygene ! com>
Date:       2014-01-29 15:51:50
Message-ID: 6E186362F5F6CA4A85A5CE7AD201A94E0B9C4060 () crius ! keygene ! local

All kinds of things.
Tried some version of this 'sql injection' but most variants I tried just give an
error, or an entry in the table with the value "drop table", or a whole new database
named: " Robert'); "! Never was the table gone. But the scripts will be run in a
quite closed environment, and accessed normally only by the user who also creates the
database (so he will predominantly be bothering him/herself). But a good reminder :)

Raymond


This document is strictly confidential and intended only for use by the addressee
unless otherwise indicated
Dr. Ir. Raymond A. J. J. van Daelen
Project Manager
KEYGENE N.V.
Bio-Informatics
P.O. Box 216
6700 AE Wageningen
The Netherlands
Tel. (+31) 317 46 68 66
Fax. (+31) 317 42 49 39
Email: raymond.van-daelen@keygene.com
The transmission of messages and/or information via the Internet is not secured and
may be intercepted by third parties. Keygene assumes no liability if this document or
its content is intercepted by a third party or becomes publicly available.


-----Original Message-----
From: sqlite-users-bounces@sqlite.org [mailto:sqlite-users-bounces@sqlite.org] On Behalf Of Igor Tandetnik
Sent: Wednesday, January 29, 2014 3:59 PM
To: sqlite-users@sqlite.org
Subject: Re: [sqlite] insert statements with user input in bash script

On 1/29/2014 9:30 AM, Raymond van Daelen wrote:
> Works!

However, see what happens if you type this as user input:

Robert'); DROP TABLE ga_table; --

See also: http://xkcd.com/327/
--
Igor Tandetnik

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
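
Added example, not part of either message and not the script from the thread (which is not shown on this page): the input quoted above, run through a statement builder with and without single-quote doubling. The table name ga_table comes from the thread; the column "name" and all function names are assumptions.

```shell
#!/bin/sh
# Added illustration. ga_table is from the thread; the column "name" and
# the function names below are hypothetical.

# Vulnerable form: user input is pasted between the quotes unchanged, so a
# single quote in the input ends the string literal early.
build_insert_unsafe() {
    printf "INSERT INTO ga_table (name) VALUES ('%s');" "$1"
}

# SQLite string literals escape a single quote by doubling it and have no
# backslash escapes, so doubling every ' keeps the input inside the literal.
sql_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Hardened form: the value is always emitted as one quoted literal.
build_insert_safe() {
    printf 'INSERT INTO ga_table (name) VALUES (%s);' "$(sql_quote "$1")"
}

# Runs the statement from builder $1 on input $2 against a throwaway
# database file; returns 0 if ga_table still exists afterwards.
table_survives() {
    db=$(mktemp) || return 2
    sqlite3 "$db" 'CREATE TABLE ga_table (name TEXT);'
    sqlite3 "$db" "$("$1" "$2")" >/dev/null 2>&1 || true
    n=$(sqlite3 "$db" "SELECT count(*) FROM sqlite_master WHERE name='ga_table';")
    rm -f "$db"
    [ "$n" = 1 ]
}

# The input quoted in the message above.
payload="Robert'); DROP TABLE ga_table; --"

printf 'unsafe: %s\n' "$(build_insert_unsafe "$payload")"
printf 'safe:   %s\n' "$(build_insert_safe "$payload")"

# Optional check against a real sqlite3 binary, if one is installed.
if command -v sqlite3 >/dev/null 2>&1; then
    for f in build_insert_unsafe build_insert_safe; do
        if table_survives "$f" "$payload"; then
            echo "$f: ga_table intact"
        else
            echo "$f: ga_table gone"
        fi
    done
fi
```

Command substitution strips trailing newlines, so a value that must keep them needs a different transport than this sketch uses.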