Installation blocks "drop/create" but allows destructive SQL through

2 replies

Mon, 07/28/2008 - 07:48

monkeyiq

Joined: 07/28/2008

Hi,
I have installed GreenSQL on a Fedora 9 machine, it is successfully blocking stuff like drop table foo; and create table bar...; but queries that I issue that are along the lines of SQL injections are not being flagged with risk > 0 in the logs and are getting through. Am I doing something wrong or am I just expecting GreenSQL to drop tautologies that it isn't going to?

mysql> select * from spwd; +---------+-----------+------+ | comment | pwd | id | +---------+-----------+------+ | foobar | password | 182 | | foobar2 | password2 | 282 | +---------+-----------+------+ 2 rows in set (0.00 sec)
mysql> UPDATE spwd SET ID=ID+1 WHERE COMMENT = 'WHATEVER' OR 1=1; Query OK, 2 rows affected (0.00 sec) Rows matched: 2 Changed: 2 Warnings: 0

mysql> select * from spwd; +---------+-----------+------+ | comment | pwd | id | +---------+-----------+------+ | foobar | password | 183 | | foobar2 | password2 | 283 | +---------+-----------+------+ 2 rows in set (0.00 sec)

mysql> delete from spwd where comment='foobar' OR '1'='1'; Query OK, 2 rows affected (0.00 sec)

mysql> select * from spwd; Empty set (0.00 sec)

From the /var/log file:
SQL_DEBUG: QUERY command[]: delete from spwd where comment='foobar' OR '1'='1' SQL_DEBUG: AFTER NORM : delete from spwd where comment=? or ?=? SQL_DEBUG: RISK : 0

Mon, 08/04/2008 - 09:59

monkeyiq

Joined: 07/28/2008

It works for SELECT queries but doesn't rank and block DELETE. Installation works fine for SELECTs.

Mon, 08/04/2008 - 19:02

yuli

Joined: 01/30/2008

Hi,

It happens because UPDATE and DELETE queries are not checked for SQL injection.
In the next application release it will be fixed.

Best regards,
Yuli

GreenSQL

Installation blocks "drop/create" but allows destructive SQL through

site

Forum Login