SQL injection drop/delete from Hibernate HQL to MySQL
In Hibernate HQL, is it possible to delete or drop a table or database as a nested part of a select query?
For example,
select name,email,(delete from Group) from User where 1=1
or
select name,email,(drop table Group) from User where 1=1
or somehow after the where clause:
select name,email from User where 1=1;drop table Group;
In the where clause scenario, the following error occurs:
org.springframework.orm.hibernate3.HibernateQueryException: unexpected char: ';' [ FROM com.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]; nested exception is org.hibernate.QueryException: unexpected char: ';' [ FROM com.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.hibernate.QueryException: unexpected char: ';' [ FROM com.verecloud.nimbus4.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]
... 24 more
The requirement is to check for possible SQL injection in select queries.
SQL injection needs to end one statement in order to execute a new one:
select name,email,(;delete from Group;) from User where 1=1
select name,email from User where 1=1;drop table Group;
If you use bind SQL parameters, you can prevent SQL injection.
If you generate the SQL SELECT dynamically (choosing columns at runtime), you should use JPA Criteria or jOOQ.
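The two recommendations in the answer above, sketched as an added example that is not code from the original post: a fixed query with a bind parameter, and a runtime-selected sort column built with JPA Criteria behind an allowlist. The `PartyGroup` entity (a stand-in for the question's `Group`), the `SORTABLE` set and the method names are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.persistence.Entity;   // jakarta.persistence.* on newer stacks
import javax.persistence.EntityManager;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.ParameterExpression;
import javax.persistence.criteria.Root;

public class GroupQueries {

    // Hypothetical stand-in for the question's Group entity.
    @Entity(name = "PartyGroup")
    public static class PartyGroup {
        @Id @GeneratedValue Long id;
        String name;
    }

    // Attributes a caller may sort by; anything else is rejected.
    private static final Set<String> SORTABLE = new HashSet<>(Arrays.asList("id", "name"));

    // Fixed query text; the value travels separately as a bind parameter,
    // so quotes or ';' in the input are compared as data, never parsed as HQL.
    public static List<PartyGroup> findByName(EntityManager em, String name) {
        return em.createQuery(
                "SELECT g FROM PartyGroup g WHERE g.name = :name ORDER BY g.name ASC",
                PartyGroup.class)
            .setParameter("name", name)
            .getResultList();
    }

    // Dynamic ORDER BY built with JPA Criteria: the attribute name comes from
    // an allowlist and is never concatenated into query text.
    public static List<PartyGroup> findByNameSorted(
            EntityManager em, String name, String sortField, boolean ascending) {
        if (!SORTABLE.contains(sortField)) {
            throw new IllegalArgumentException("unsupported sort field: " + sortField);
        }
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<PartyGroup> cq = cb.createQuery(PartyGroup.class);
        Root<PartyGroup> root = cq.from(PartyGroup.class);
        ParameterExpression<String> p = cb.parameter(String.class, "name");
        cq.select(root)
          .where(cb.equal(root.get("name"), p))
          .orderBy(ascending ? cb.asc(root.get(sortField)) : cb.desc(root.get(sortField)));
        return em.createQuery(cq).setParameter(p, name).getResultList();
    }
}
```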