Re: a vulnerability in PostgreSQL
Tatsuo Ishii <t-ishii@sra.co.jp>
From: Tatsuo Ishii <t-ishii@sra.co.jp>
To: lyeoh@pop.jaring.my
Cc: pgsql-hackers@postgresql.org
Date: 2002-05-02T13:37:19Z
Lists: pgsql-hackers
Attachments
- ascii.patch.gz (application/octet-stream) patch
> Oops. How about: > > foo'; DROP TABLE t1; -- foo > > The last ' gets removed, leaving -- (81a2). > > So you get: > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2) This surely works:-< Ok, you gave me an enough example that shows even 7.1.x and 7.0.x are not safe. Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be posted soon.