this post was submitted on 04 Apr 2024
969 points (97.5% liked)
Programmer Humor
19623 readers
2719 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Do you have any recent examples of major SQL injection holes?
https://www.securityweek.com/millions-of-user-records-stolen-from-65-websites-via-sql-injection-attacks/
https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection
https://www.tenable.com/blog/cve-2023-48788-critical-fortinet-forticlientems-sql-injection-vulnerability
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cwe_id=CWE-89&isCpeNameSearch=false
You can fiddle with the nvd search settings to find whatever severity score you like, or filter by execution parameters.
https://nvd.nist.gov/vuln/detail/CVE-2024-1597
That one was a treat when I check under critical, since it's an injection attack that can bypass parameterized query protections for the database driver, which is why "defense in depth" and "always sanitize your fucking inputs" are such key things to remember.
I hope that provided what you're looking for, and maybe increases your awareness of SQL injection. ๐
Great comment. Thanks!
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sql+injection
And without giving away specifics, I've personally found SQLi vulns in the wild within the last 5ish years.