
Bypassed again


This time it was quite easy :(

username: gh' or name like '%' or name != 'a
password: whatever

Probably because we have FALSE or TRUE or TRUE, which breaks the tautology test.

If we have FALSE or TRUE then GreenSQL blocks it... but that way... no

I hope that's helpful.

Comments


Hello

Thanks for your report. First of all, the expression name like '%' will be addressed in the nearest release (not in the next one - coming in a few days). It is a 100% detectable SQL tautology.

The other issue that you raise is creating a SQL tautology by making a number of redundant comparisons. For example: table_name = 'a' or table_name != 'a'. It is much harder for GreenSQL to detect such expressions without generating too many false positives. A skillful attacker with knowledge of the database schema can overcome GreenSQL heuristics.

A workaround for the above issues is to use GreenSQL in firewall mode.

Best regards,
Yuli
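
An added example, not part of the original thread and not GreenSQL code: the application-side fix that does not depend on any tautology heuristic. It assumes the login query concatenates input into `WHERE name = '...' AND password = '...'` on a hypothetical `users` table, and uses SQLite only so that it runs offline.

```python
import sqlite3

# The input reported in the post above.
REPORTED_USER = "gh' or name like '%' or name != 'a"
REPORTED_PASS = "whatever"


def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_concat(db, username, password):
    # Vulnerable form: input becomes part of the SQL text, so the quote
    # in the username ends the string literal and the rest is parsed as
    # extra OR conditions.
    sql = ("SELECT name FROM users WHERE name = '" + username +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchall()


def login_bound(db, username, password):
    # Hardened form: values are bound as parameters and never parsed as
    # SQL, so the whole username is compared as one literal string.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concat(db, REPORTED_USER, REPORTED_PASS)
    print("concatenated SQL:", sql)
    print("rows returned:   ", rows)
    print("bound parameters:", login_bound(db, REPORTED_USER, REPORTED_PASS))
    print("valid login:     ", login_bound(db, "alice", "s3cret"))
```

With bound parameters the statement text sent to the database is constant, so there is no redundant comparison for a proxy heuristic to miss.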
