Monday, September 8, 2008

MySQL and SQL Column Truncation Vulnerabilities

I've found a really interesting blog post this morning by Stefan Esser discussing a problem he calls 'MySQL and SQL Column Truncation Vulnerabilities'. This vulnerability takes advantage of the max_packet_size configuration by placing a large number of spaces and then a random character after the spaces. This basically allows an attacker to add "duplicate" entries to your database.

As you can imagine, this would cause serious problems for services like user registration. You can read his excellent post for a good breakdown of this vulnerability here.

This morning the first exploit for this kind of vulnerability in a web application was also released. It affects the latest version of WordPress.
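As an added example (not from Stefan Esser's post or from this blog), here is a stand-alone model of the failure mode described above together with the input check a registration form should apply before the value reaches the database; it assumes a VARCHAR(16) username column and a server running without strict mode.

```python
# Added example: a model of MySQL's non-strict truncation plus the
# defensive input check.  Stand-alone simulation, no MySQL needed.
COLUMN_WIDTH = 16  # assumed width of the username column


def db_store(value: str, strict: bool) -> str:
    """Simulate how MySQL stores an over-long string: strict mode raises
    'Data too long', non-strict mode silently truncates to the column width."""
    if len(value) > COLUMN_WIDTH:
        if strict:
            raise ValueError("Data too long for column 'username'")
        return value[:COLUMN_WIDTH]
    return value


def pad_space_equal(a: str, b: str) -> bool:
    """Simulate string equality under a PAD SPACE collation (the MySQL
    default): trailing spaces are ignored, so 'admin' == 'admin   '."""
    return a.rstrip(" ") == b.rstrip(" ")


def register(table: list, username: str, strict: bool = False) -> str:
    """Typical app flow: SELECT for an existing name, then INSERT.  The
    SELECT compares the untruncated value while the INSERT stores the
    truncated one; that gap is what lets a crafted name through."""
    if any(pad_space_equal(row, username) for row in table):
        return "taken"
    table.append(db_store(username, strict))
    return "ok"


def lookup(table: list, username: str) -> list:
    """SELECT * FROM users WHERE username = ? under PAD SPACE semantics."""
    return [row for row in table if pad_space_equal(row, username)]


def validate_username(value: str) -> bool:
    """Input-side check: accept only values that survive storage unchanged
    (within the column width, no surrounding whitespace the collation hides)."""
    return 0 < len(value) <= COLUMN_WIDTH and value == value.strip()


if __name__ == "__main__":
    users = ["admin"]
    crafted = "admin" + " " * 20 + "x"  # constructed: longer than the column
    print(register(users, crafted))      # "ok": a second 'admin' row got in
    print(lookup(users, "admin"))        # two rows now match 'admin'
    print(validate_username(crafted))    # False: the check rejects it
```

Enabling STRICT_TRANS_TABLES on the server gives the same protection at the database layer, which the `strict=True` path models.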
