Bugs item #2048361, was opened at 2008-08-12 22:38
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=379806&aid=2048361&group_id=23824
Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Alexander Amelkin (spirit-rc)
Assigned to: Nobody/Anonymous (nobody)
Summary: dbi_conn_quote_string* functions do not escape quotes
Initial Comment:
This code:
----------------------
char *username="buggyrequest\" and something bad \"";
char *username2;
...
dbi_conn_quote_string_copy(conn, username, &username2);
printf("Username: %s\n", username2);
----------------------
Results in the following printout:
----------------------
Username: "buggyrequest" and something bad ""
----------------------
Thus, the resulting username2 string can't actually be used in a call like
dbi_conn_queryf(conn, "select * from users where username=%s", username2);
and will lead to an injection of malicious SQL code if the original username
is supplied by the user.
-------------------------------------------------------------------------
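The report above describes a quoting function that wraps a string in quote characters without escaping the quotes already inside it, so user input can close the literal early. The following added C example (not libdbi code, and not the submitter's) shows what a standard-SQL quoter that doubles embedded quotes looks like, next to a naive wrapper that reproduces the behaviour the report describes, plus a small checker that walks the literal the way a SQL lexer would and confirms the closing quote is the last character. The helper names sql_quote_literal, naive_quote and literal_is_well_formed are hypothetical; the input string is the one from the report. The checker is generic over the quote character, so it works for single-quoted literals as well as the double-quoted output shown in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: wrap 'in' in 'quote' characters and double every
   embedded quote, which is how standard SQL escapes a quote inside a
   string literal. Caller frees the result. */
char *sql_quote_literal(const char *in, char quote) {
    size_t n = strlen(in), extra = 0;
    for (size_t i = 0; i < n; i++)
        if (in[i] == quote) extra++;
    char *out = malloc(n + extra + 3);   /* two delimiters + NUL */
    if (!out) return NULL;
    char *p = out;
    *p++ = quote;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == quote) *p++ = quote;  /* '  ->  '' */
        *p++ = in[i];
    }
    *p++ = quote;
    *p = '\0';
    return out;
}

/* Hypothetical helper reproducing the defect the report describes:
   wrap in quotes without escaping anything. Caller frees the result. */
char *naive_quote(const char *in, char quote) {
    size_t n = strlen(in);
    char *out = malloc(n + 3);
    if (!out) return NULL;
    out[0] = quote;
    memcpy(out + 1, in, n);
    out[n + 1] = quote;
    out[n + 2] = '\0';
    return out;
}

/* Regression check: scan the literal like a SQL lexer. A doubled quote is
   an escaped quote; the first single (unpaired) quote terminates the
   literal, and it must be the final character. Returns 1 if the literal is
   well formed (nothing can break out of it), 0 otherwise. */
int literal_is_well_formed(const char *lit, char quote) {
    size_t n = strlen(lit);
    if (n < 2 || lit[0] != quote) return 0;
    size_t i = 1;
    while (i < n) {
        if (lit[i] == quote) {
            if (i + 1 < n && lit[i + 1] == quote) { i += 2; continue; }
            return i == n - 1;  /* closing quote must be the last char */
        }
        i++;
    }
    return 0;  /* never terminated */
}

/* Convenience: 1 if the escaping quoter passes the check on the report's
   input and the naive quoter fails it, 0 otherwise. */
int quoting_check_on_report_input(void) {
    const char *username = "buggyrequest\" and something bad \"";  /* from the report */
    char *good = sql_quote_literal(username, '"');
    char *bad = naive_quote(username, '"');
    int ok = good && bad &&
             literal_is_well_formed(good, '"') == 1 &&
             literal_is_well_formed(bad, '"') == 0;
    free(good);
    free(bad);
    return ok;
}

int main(void) {
    const char *username = "buggyrequest\" and something bad \"";
    char *good = sql_quote_literal(username, '"');
    char *bad = naive_quote(username, '"');
    printf("escaped: %s  well-formed=%d\n", good, literal_is_well_formed(good, '"'));
    printf("naive:   %s  well-formed=%d\n", bad, literal_is_well_formed(bad, '"'));
    free(good);
    free(bad);
    return 0;
}
```

Doubling the delimiter is the standard-SQL rule; a driver that honours backslash escapes (MySQL by default) also needs the backslash escaped, otherwise a trailing backslash in the input neutralises the closing quote. Use the driver's own escaping routine for that dialect, or better, a parameterised query, and keep a check like literal_is_well_formed in the test suite so a regression of the kind reported here is caught before it ships.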
_______________________________________________
libdbi-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libdbi-devel