Collaborate Disseminate
Say there is a SQL database that stores certain records in encrypted. A person wants deletion of a record in a way that even hard drive recovery services cannot recover it without breaking the hard drive.
Is it possible to delete records t… Continue reading Permanently delete a record
I have a website that uses ManageEngine Service Plus and it has a SQL injection vulnerability
the linksays that with the help of the following url we would be able to inject postgresql commands to get the complete control of the system:
/r… Continue reading Cannot perform SQL injection because of the weird postgresql syntax that is used
PostgreSQL supports multiple authentication methods, and I think it supports SSL and plaintext connections. How do I find out which authentication method a server uses? I do not have access to the server configuration. Can psql tell we whi… Continue reading Do I transmit a plaintext password to my PostgreSQL server?
The malware takes aim at PostgreSQL database servers with never-before-seen techniques. Continue reading PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
If I have a locally running Postgres configured to trust all connections from localhost, does it mean any website I visit has the ability to make a localhost-to-localhost connection to Postgres with JavaScript running in my browser?
Continue reading If Postgres trusts localhost connections, is it dangerous to visit random websites?
I was solving SQL injection lab on Portswigger, and the lab was asking to exploit blind SQL injection by triggering time delays, using that to retrieve administrator password.
I was making 720 requests by Burp intruder, to test (a-z, 0-9) … Continue reading Why intruder number of threads has an effect on the time delay of indiviual requests
I’m trying to figure out if an SQLi for the following PostgreSQL/Java code exists.
public void availableItems(String name) {
return this.query("SELECT * FROM items WHERE name=’"+name+"’");
}
Assuming that in the name… Continue reading PostgreSQL injection with basic sanitization
I have a SQL DB which contains PHI, hosted on AWS. I want to access this data to perform analytics, however, I must de-identify the data first to comply with HIPAA.
How should I approach this? I have thought of a few approaches:
Hasura is an open-source engine that can connect to PostgreSQL databases and microservices across hybrid- and multi-cloud environments and then automatically build a GraphQL API backend for them, making it easier for developers to then build their own data-driven applications on top of this unified API . For a while now, the San Francisco-based startup […] Continue reading Hasura launches managed cloud service for its open-source GraphQL API platform
ScaleGrid has just announced support for their MySQL, PostgreSQL and Redis solutions on DigitalOcean. This launch is in addition to their current DigitalOcean offering for MongoDB database, the only DBaaS to support this database on DigitalOcean. MySQL… Continue reading ScaleGrid now supports MySQL, PostgreSQL and Redis solutions on DigitalOcean