RBF SQL Injection
Recently got this error web page:
Error
CRRBF0558I: Failed SQL query: [org.apache.commons.dbcp.DelegatingPreparedStatement@be00be] => [com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near the keyword 'Key'.]
Copyright International Business Machines Corporation 2003, 2006. All rights reserved
Suggest you don't use SQL keywords in BOM fields.
Yes, we're going to file a PMR.
Safe driving
2 answers
I've discussed this with L2. What is going on here is that through a .bom setcolumn command, you have inserted data that causes a syntax error when querying your BOM tables. This is technically SQL injection, and this is a defect that needs to be addressed.
However, the field used for inserting this data is already scrubbed against non-word characters, but it is not scrubbed for all keywords for all supported databases. This does not create a vulnerability that can be exploited to modify or gain unauthorized access to the database.
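The failure mode the answer describes, reproduced as an added example (not Build Forge code, and not the vendor's fix): a word-character scrub lets a reserved keyword through as a column name, and the statement built from it fails to parse until the name is delimited. Assumptions: SQLite stands in for SQL Server so the example runs offline, `Order` stands in for `Key` because it is a keyword SQLite rejects unquoted, and the `bom` table and helper names are constructed.

```python
import re
import sqlite3

WORD_ONLY = re.compile(r"\w+")  # word-character scrub, as the answer describes


def scrub(name):
    """Reject non-word characters. Keywords like Key or Order still pass."""
    if not WORD_ONLY.fullmatch(name):
        raise ValueError(f"illegal column name: {name!r}")
    return name


def quote_ident(name):
    """Delimit a scrubbed name so the parser treats it as an identifier."""
    # Doubling embedded quotes is redundant after scrub(); kept as a second layer.
    return '"' + scrub(name).replace('"', '""') + '"'


def add_column(conn, column, quoted):
    """Add a BOM column; return 'ok' or the database error text."""
    ident = quote_ident(column) if quoted else scrub(column)
    try:
        conn.execute(f"ALTER TABLE bom ADD COLUMN {ident} TEXT")
        return "ok"
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bom (id INTEGER PRIMARY KEY)")  # constructed table
    results = {
        "unquoted": add_column(conn, "Order", quoted=False),
        "quoted": add_column(conn, "Order", quoted=True),
    }
    try:
        scrub("build id")  # the space is a non-word character
        results["scrub"] = "accepted"
    except ValueError:
        results["scrub"] = "rejected"
    # Values still go through bind parameters; only the identifier is delimited.
    conn.execute('INSERT INTO bom (id, "Order") VALUES (1, ?)', ("first",))
    results["row"] = conn.execute('SELECT "Order" FROM bom').fetchone()[0]
    return results


if __name__ == "__main__":
    print(demo())
```

On SQL Server the equivalent delimiters are square brackets or, with QUOTED_IDENTIFIER on, double quotes.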