On 30 May 2014 03:32, Koh Kim Boon koh_kim_b...@sp.edu.sg wrote:
Recently my dspace server had a security scan and one of the vulnerabilities
listed is blind SQL injection.
Hi Koh
Can you tell us exactly the nature of the security scan?
Thanks.
*Hilton Gibson*
Ubuntu Linux Systems
: koh_kim_b...@sp.edu.sg
From: Hilton Gibson [mailto:hilton.gib...@gmail.com]
Sent: Friday, 30 May 2014 4:10 PM
To: Koh Kim Boon
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Security vulnerability - Blind SQL injection
On 30 May 2014 03:32, Koh Kim Boon
2014 4:10 PM
To: Koh Kim Boon
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Security vulnerability - Blind SQL injection
On 30 May 2014 03:32, Koh Kim Boon
koh_kim_b...@sp.edu.sg wrote:
Recently my dspace server had a security scan and one
*From:* Hilton Gibson [mailto:hilton.gib...@gmail.com]
*Sent:* Friday, 30 May 2014 4:10 PM
*To:* Koh Kim Boon
*Cc:* dspace-tech@lists.sourceforge.net
*Subject:* Re: [Dspace-tech] Security vulnerability - Blind SQL injection
On 30 May 2014 03:32, Koh Kim Boon koh_kim_b...@sp.edu.sg
Hi Koh Kim Boon,
by all means, I invite you to submit a Jira bug with the security flag,
where more DSpace committers will take a look at the issue and evaluate it.
Here is my investigation:
This type of test tests for SQL injection attack by adding an expression to
URL parameters, that - if
Hi All,
First, thanks for the very thorough review, helix84! I've also done a
review this morning. As far as I can tell, helix84's conclusions look to
be correct. I also haven't been able to find any way to actually perform
a successful SQL injection via the reported methods.
However, Koh Kim