
News

Posted over 17 years ago by tsupo
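GreenSQL works as a proxy between the DB and the web server / It monitors the SQL statements exchanged between them and blocks problematic SQL in advance / The only supported DB is MySQL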
Posted over 17 years ago by fukami
Posted over 17 years ago by fukami
Posted over 17 years ago by yuli
During this weekend I found an excellent article on the Internet. It explains in detail how one can perform blind SQL injection against MySQL. For interested parties, you can find it here: http://www.reversing.org/node/view/13 While reading it I found a number of SQL operations that a skillful hacker can use in order to exploit an SQL injection vulnerability. He can use the following commands: current_user(), system_user(), session_user(), version(), database(), into outfile, load file
Posted almost 18 years ago by yuli
My little SQL honey project (http://demo.greensql.net/) yielded a problem in the existing implementation of the GreenSQL SQL firewall. It turns out that an SQL query located in the whitelist can basically make the system ignore another query that has SQL comments inside. To make things clearer, I will give an example. Let's say I have the following SQL pattern in the whitelist: “SELECT * from accounts where id = ?” This query looks legitimate and it is indeed ok. Now, the system receives the following SQL command:
Posted almost 18 years ago by yuli
One of my friends told me that he wants to test the application but he does not have any of the necessary infrastructure. In order to make his life easy, I decided to create a demo version of the application. I have built a special demo version of the greensql-console application. It has limited functionality - for example, you cannot change the user password. You are now welcome to test the demo version of the GreenSQL database firewall. You can use the following URL: http://demo.greensql.net/ You can use the following credentials: Username - admin Password - pwd
Posted almost 18 years ago by yuli
I finally finished coding the SQL injection test page. I coded it as a Drupal plugin. This SQL injection page can be used to evaluate SQL protection using the GreenSQL database firewall. In addition, all blocked SQL queries are shown in the demo version of GreenSQL installed at this site. You can reach the SQL injection test page using the following URL: http://www.greensql.net/sql-injection-test