Security

To date, a number of security bugs have been found by leading security experts. This page is intended to list all of them.

greensql-fw - Bypass of protection using x=y=z SQL expression

On September 2nd, 2008, Johannes Dahse (aka Reiners) found a bug that allowed him to bypass protection using a new type of SQL tautology (true statement). For more information please check this post. A detailed description of this bug can be found using this link.

greensql-fw - Bypass of protection using db content brute-force commands

On August 2nd, 2008, eLWAux found a way to brute-force the table contents. For more information please check this post. GreenSQL-FW 0.9.2 is not vulnerable to this bug.

greensql-fw - Bypass of protection using UPDATE/DELETE queries

On July 28th, 2008, monkeyiq found a way to bypass protection using UPDATE/DELETE queries. For more information please check this post. GreenSQL-FW 0.9.2 is not vulnerable to this bug.

greensql-fw - Bypass of protection using true variables

On June 4th, 2008, ericl found a way to bypass protection using true variables like CURRENT_USER. For more information please check this post. GreenSQL-FW 0.9.2 is not vulnerable to this bug.

greensql-fw - Bypass of protection using subselect

On February 10th, 2008, Rotem Bar found a bug that allowed him to bypass the GreenSQL SQL firewall. For more information please check this post. GreenSQL-FW 0.9.2 is not vulnerable to this bug.

greensql-console - XSS and installation directory disclosure bugs

These bugs were found at the end of April 2008 by Shay Priel. GreenSQL-Console 0.3.5 is not vulnerable to these bugs.

greensql-console - XSS bug

This bug was found at the beginning of September 2007. You can find the advisory here.

greensql-fw - Remote Shell code execution

Found on July 27, 2007, by Nico Leidecker of Portcullis Computer Security Ltd. You can find the advisory here.
