Re: a vulnerability in PostgreSQL

From: Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>
To: lyeoh(at)pop(dot)jaring(dot)my
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: a vulnerability in PostgreSQL
Date: 2002-05-02 13:37:19
Message-ID: 20020502223719Q.t-ishii@sra.co.jp
Lists: pgsql-hackers

> Oops. How about:
>
> foo'; DROP TABLE t1; -- foo
>
> The last ' gets removed, leaving -- (81a2).
>
> So you get:
> select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2)

This surely works :-< OK, you gave me enough of an example to show that even
7.1.x and 7.0.x are not safe.

Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be
posted soon.

Attachment: ascii.patch.gz (Content-Type: application/octet-stream, Size: 226 bytes)
