From SQL injection to shell: PostgreSQL edition
(pentesterlab.com)
30 points
snyff
13y ago
4 comments
herge
13y ago
If I use SQL parameters in my queries, am I still vulnerable to SQL injection? What about using a (sane) ORM?
Basically, is it only PHP apps that hand-build queries that are vulnerable to SQL injection?
jasonlotito
13y ago
Any app that hand-builds queries. PHP has nothing to do with this. Just happens to be the vehicle. The problem is simply insecure patterns.
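Added example, not part of the thread or the linked article: the hand-built pattern discussed above beside a parameterized query, in Python rather than PHP to show that the language is incidental. It assumes the standard-library `sqlite3` module as an offline stand-in for PostgreSQL, uses constructed table contents and input, and goes one step beyond the thread by allowlisting a sort column, since identifiers cannot be bound as parameters.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for PostgreSQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_hand_built(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote in `name` changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    # The statement text is fixed; the driver passes `name` as data only.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

SORTABLE = {"id", "name"}  # allowlist of column names that callers may sort by

def list_sorted(db, column):
    # Placeholders bind values, not identifiers, so a column name is
    # checked against a fixed set before it is placed in the statement.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    return [row[0] for row in db.execute(f"SELECT name FROM users ORDER BY {column}")]

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    return {
        "hand_built": lookup_hand_built(db, crafted),        # matches every row
        "parameterized": lookup_parameterized(db, crafted),  # matches nothing
        "normal": lookup_parameterized(db, "alice"),
    }

if __name__ == "__main__":
    print(demo())
```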
ibotty
13y ago
Be sure to read the prequel if you haven't done anything like that before:
https://www.pentesterlab.com/from_sqli_to_shell.html
dschiptsov
13y ago
What if I have no PHP?)