Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

GHSA-xmrp-424f-vfpx: SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: > SQL Injection isn't Dead: Smuggling Queries at the Protocol Level > <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf> > (Archive link for posterity.) Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data. It appears SQLx _does_ perform truncating casts in a way that could be problematic, for example: <https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163> This code has existed essentially since the beginning, so it is reasonable to assume that all published versions `<= 0.8.0` a...

ghsa
Open in Source
#sql#web#js#git#pdf#postgres
Karya Online Shopping Portal 2.0 SQL Injection

Karya Online Shopping Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Build Your Own Botnet 2.0.0 Remote Code Execution

Build Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page.

Human Resource Management System 2024 1.0 SQL Injection

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hotel Management System 1.0 SQL Injection

Hotel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.