As long as we allow ourselves to write string-based dynamic SQL embedded in other programming languages like Java, we will have a certain risk of being vulnerable to SQL injection.
Tags » Sqli
What is load_extension?
This interface loads an SQLite extension library from the named file.
int sqlite3_load_extension(
  sqlite3 *db,          /* Load the extension into this database connection */
  const char *zFile,    /* Name of the shared library containing extension */
  const char *zProc,    /* Entry point.
These become a larger issue when the vulnerability I’ve found requires you to have access to the agent at a level where you can modify the configuration file. I consider what I’ve found to be slightly more severe in larger environments because, depending on the configuration of the server system, it could allow a full-scale breach instead of a single agent being compromised.