Security hole in blacklist for MySQL #490

Closed
MarkBird opened this issue Sep 7, 2022 · 1 comment

MarkBird commented Sep 7, 2022

The EXPLORER_SQL_BLACKLIST includes INSERT INTO - on MySQL the INTO is optional - so you can still run inserts on MySQL by just doing INSERT <table> VALUES (<data>);.

marksweb pushed a commit that referenced this issue Oct 9, 2022
Blacklist on insert keyword only instead of insert into since into is optional in at least MySQL and MS SQL
marksweb (Collaborator) commented Oct 9, 2022

This should be resolved by release 2.5

marksweb closed this as completed Oct 9, 2022
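
The gap reported in this issue, next to the keyword-only approach named in the referenced commit message, as an added example that is not part of the original thread or the project's own code. The two blacklist tuples, the `matched_terms` helper, and the `accounts` table are constructed for illustration.

```python
import re

# Constructed lists for illustration; not the project's actual defaults.
PHRASE_BLACKLIST = ("INSERT INTO", "UPDATE", "DELETE")   # shape described in the issue
KEYWORD_BLACKLIST = ("INSERT", "UPDATE", "DELETE")       # shape described in the commit message

# Constructed sample queries.
SAMPLE_QUERIES = (
    "INSERT INTO accounts VALUES (1, 'a')",   # standard form
    "INSERT accounts VALUES (1, 'a')",        # MySQL form from the issue: INTO omitted
    "SELECT insert_date FROM accounts",       # read-only query with a look-alike column name
    "select * from accounts",                 # plain read-only query
)


def matched_terms(sql, blacklist):
    """Return the blacklist entries that occur in sql as whole words.

    Matching is case-insensitive. Word boundaries keep a bare keyword such
    as INSERT from firing on identifiers like insert_date, which is the
    false positive a plain substring test would introduce once the entry
    is shortened from "INSERT INTO" to "INSERT".
    """
    hits = []
    for term in blacklist:
        pattern = r"\b" + re.escape(term) + r"\b"
        if re.search(pattern, sql, flags=re.IGNORECASE):
            hits.append(term)
    return hits


def compare(queries=SAMPLE_QUERIES):
    """For each query, report what the phrase list and the keyword list catch."""
    return [
        (q, matched_terms(q, PHRASE_BLACKLIST), matched_terms(q, KEYWORD_BLACKLIST))
        for q in queries
    ]


if __name__ == "__main__":
    for query, phrase_hits, keyword_hits in compare():
        print(f"{query!r}\n  phrase list:  {phrase_hits}\n  keyword list: {keyword_hits}")
```

Keyword filtering of this kind is a secondary control; the database account the queries run under should itself lack write privileges.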