Hacker News new | ask | show | jobs
by lansing 5126 days ago
Take a look at the test they added in the patch for an example of how the exploit would go down.
1 comments
kmf 5125 days ago
Looks like two tests (test_where_error_with_hash and test_where_with_table_name).

You can see those tests here:

http://seclists.org/oss-sec/2012/q2/att-504/3-2-sql-injectio...

(this is for 3.2, you can change the patch name for 3.1, etc.)

link