SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level


PDF slides from a presentation by [Paul Gerste](https://twitter.com/pspaul95) at DEF CON 32. It turns out some databases have vulnerabilities in their binary protocols that can be exploited by carefully crafted …

Paul demonstrates an attack against PostgreSQL (which works in some but not all of the PostgreSQL client libraries) that relies on a message size overflow: embedding a string longer than 4GB (2**32 bytes) overflows the maximum length of a string in the underlying protocol and writes data to the subsequent value.

The current way to protect against these attacks is to enforce a size limit on incoming requests. This can be more difficult than you might expect: Paul points out that alternative paths such as WebSockets might bypass limits that are in place for regular HTTP requests, and some servers may apply limits before decompression, allowing an attacker to send a compressed payload whose decompressed size is larger than the configured limit.
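One way to apply the size limit on both sides of decompression, as an added example that is not taken from the slides or from any PostgreSQL client library. The names `read_body`, `BodyTooLarge`, `length_field_value` and the 1 MiB limit are assumptions made for illustration.

```python
import gzip
import zlib

MAX_BODY_BYTES = 1024 * 1024   # assumed limit (1 MiB); keep it far below 2**32
UINT32_SPAN = 2**32            # size at which a 32-bit length field wraps


class BodyTooLarge(Exception):
    """Raised when a request body exceeds the limit at any stage."""


def length_field_value(n: int) -> int:
    """Value an unsigned 32-bit length field records for an n-byte string."""
    return n % UINT32_SPAN


def read_body(raw: bytes, content_encoding: str = "identity",
              limit: int = MAX_BODY_BYTES) -> bytes:
    """Return the decoded body, enforcing `limit` before and after decompression."""
    if len(raw) > limit:
        raise BodyTooLarge("body exceeds limit before decoding")
    if content_encoding == "identity":
        return raw
    if content_encoding != "gzip":
        raise ValueError("unsupported Content-Encoding")
    # wbits=31 selects gzip framing. Passing max_length stops the decompressor
    # after limit + 1 output bytes, so an oversized payload is never expanded.
    d = zlib.decompressobj(wbits=31)
    out = d.decompress(raw, limit + 1)
    if len(out) > limit:
        raise BodyTooLarge("body exceeds limit after decompression")
    if not d.eof:
        raise ValueError("truncated gzip stream")
    return out


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes compresses to a few KiB, so a
    # limit checked only on the compressed bytes would let it through.
    payload = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print("compressed size:", len(payload))
    try:
        read_body(payload, "gzip")
    except BodyTooLarge as exc:
        print("rejected:", exc)
    # A string of 2**32 + 5 bytes is recorded as 5 in a 32-bit length field.
    print(length_field_value(2**32 + 5))
```

The same `read_body` check has to sit on every ingestion path, WebSocket handlers included, for the limit to hold.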
