Y
Hacker News
new
|
ask
|
show
|
jobs
From SQL injection to shell: PostgreSQL edition
(
pentesterlab.com
)
30 points
by
snyff
4933 days ago
3 comments
ibotty
4933 days ago
be sure to read the prequel if you haven't done anything like that before:
https://www.pentesterlab.com/from_sqli_to_shell.html
link
herge
4933 days ago
If I use sql parameters in my queries, am I still vulnerable to SQL injection? What about using a (sane) ORM?
Basically, is it only php apps that hand-build queries that are vulnerable to SQL injection?
link
jasonlotito
4933 days ago
Any app that hand-builds queries. PHP has nothing to do with this. Just happens to be the vehicle. The problem is simply insecure patterns.
link
dschiptsov
4933 days ago
What if I have no PHP?)
link