Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql

TL;DR

  1. Add stringifyObjects: true to the options passed to mysql.createConnection, so that values of Object type are not escaped into unexpected output. (MUST)

Introduction

Exploit Demonstration

The domain name in the URL address bar was changed to the new domain.
Please note that the demo service may shut down or become inaccessible.

Root Cause

Remediation

Workaround 1: Adding stringifyObjects option when createConnection is called

Before

After

Workaround 2: Adding type checks

Before

After
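The behaviour behind the TL;DR and both workarounds, as an added example that is not code from the post or from mysqljs/mysql: escapeModel() and formatModel() are a reduced, hypothetical restatement of the driver's client-side escaping for strings and plain objects, and the connection options, table and column names are constructed for the illustration.

```javascript
// Added illustration; not code from the post or from mysqljs/mysql.
// escapeModel() is a reduced, hypothetical restatement of how the driver's
// escape routine treats strings versus plain objects, by default and with
// stringifyObjects: true. Arrays, Dates and Buffers are out of scope here.
const ESCAPES = { '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n',
  '\r': '\\r', '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\' };
function escapeString(s) {
  return "'" + String(s).replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => ESCAPES[c]) + "'";
}
function escapeModel(val, stringifyObjects) {
  if (val === null || val === undefined) return 'NULL';
  if (typeof val === 'number' || typeof val === 'boolean') return String(val);
  if (typeof val === 'object' && !Array.isArray(val)) {
    // Workaround 1 (After): the object is stringified and quoted like any string.
    if (stringifyObjects) return escapeString(val.toString());
    // Default (Before): the object expands to an unquoted `key` = value fragment,
    // which changes the meaning of the surrounding WHERE clause.
    return Object.keys(val)
      .map((k) => '`' + k.replace(/`/g, '``') + '` = ' + escapeModel(val[k], true))
      .join(', ');
  }
  return escapeString(val);
}

// Substitute each ? placeholder in order, as the driver does on the client side.
function formatModel(sql, params, stringifyObjects) {
  let i = 0;
  return sql.replace(/\?/g, () => escapeModel(params[i++], stringifyObjects));
}

// Workaround 2 (After): reject non-string parameters before they reach the
// driver, so JSON- or qs-decoded objects never become query fragments.
function assertStringParams(params) {
  for (const p of params) {
    if (typeof p !== 'string') throw new TypeError('query parameter must be a string');
  }
  return params;
}

// Workaround 1 (After): connection options with stringifyObjects enabled.
// host/user/database are constructed placeholders.
function connectionOptions() {
  return { host: 'db.example', user: 'app', database: 'appdb', stringifyObjects: true };
}

const SQL = 'SELECT id FROM users WHERE name = ?';
console.log(formatModel(SQL, ['alice'], false));      // ... name = 'alice'
console.log(formatModel(SQL, [{ name: 1 }], false));  // ... name = `name` = 1
console.log(formatModel(SQL, [{ name: 1 }], true));   // ... name = '[object Object]'
```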

Conclusion

About us

Thanks

We are a cyber security company based in Tokyo, Japan. We provide security assessment services. HP: https://flatt.tech/en CVE: https://flatt.tech/cve

Flatt Security Inc.