Subject | Re: [firebird-support] Overflow problem |
---|---|
Author | Lester Caine |
Post date | 2016-11-25T14:29:22Z |
On 25/11/16 13:56, Mark Rotteveel mark@...
[firebird-support] wrote:
SQL injection attack. I don't need it to 'work'. I was trying to get a
handle on the vulnerability they were trying to exploit on MySQL incase
the results may be a problem. The ACTUAL SQL is only spanning a few
hundred pages and is handled via parameters. This SQL was the result of
manually added SQL in the raw fields.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
[firebird-support] wrote:
> On 2016-11-25 12:40, Lester Caine lester@... [firebird-support]You are missing the point Mark ... This SQL has come about from a PHP
> wrote:
>> > Nothing to do with Firebird but can anybody explain why the numbers in
>> > 'SELECT FIRST 102121121121212 SKIP 3574239239242420' would be a problem
>> > in MySQL or is it some other vulnerability the original sQL injection
>> > was trying to hit. I know I need to add limit checks in the code which
>> > reprocessed the SQL but it quite happily 'white screens' the vast
>> > majority of MySQL injection attempts so I'm just need to make sure
>> > there
>> > is nothing that WOULD affect Firebird adversely.
> That number is too big to fit in an int, could explain the problem
>
> BTW: You might want to look for other solutions if you need to skip and
> fetch that many records, it is not really efficient ;)
SQL injection attack. I don't need it to 'work'. I was trying to get a
handle on the vulnerability they were trying to exploit on MySQL incase
the results may be a problem. The ACTUAL SQL is only spanning a few
hundred pages and is handled via parameters. This SQL was the result of
manually added SQL in the raw fields.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk