Bugs item #2049266, was opened at 2008-08-13 12:40
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=512945&aid=2049266&group_id=65979
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alexander Amelkin (spirit-rc)
Assigned to: Nobody/Anonymous (nobody)
Summary: mysql: dbi_conn_quote_string* functions do not escape quotes
Initial Comment:
For the mysql driver v.0.8.3, this code:
----------------------
char *username="buggyrequest\" and something bad \"";
char *username2;
...
dbi_conn_quote_string_copy(conn, username, &username2);
printf("Username: %s\n");
----------------------
results in the following printout:
----------------------
Username: "buggyrequest" and something bad ""
----------------------
Thus, the resulting username2 string can't actually be used in a call like
dbi_conn_queryf(conn, "select * from users where username=%s", username2);
and will lead to an injection of a malicious SQL code if the original
username is supplied by the user.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=512945&aid=2049266&group_id=65979
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Libdbi-drivers-devel mailing list
Libdbi-drivers-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libdbi-drivers-devel
