So this is a hard to accomplish exploit, and is really only accomplishable by first exploiting another exploit first, or by an employee with some level of trusted access, though this employee might not normally have actual database access. I do believe you should be aware of it, as it leaves open an avenue you may not be thinking of. A sample application So the first thing we need is an application that uses Flyway, let’s just use the Spring Boot Flyway Sample.
Posts with the tag sql:
This is the story of my friends problem today. I got one for ya. Field like field so of course I’m like: “? is that a question? he had given me no prelude, no premise. response I tried field like ‘%’ + field2 + ‘%’ No good though So I explained that % is a wildcard. He still hadn’t explained what his problem is or what he was trying to do.
In PostgreSQL the ASCII NUL or empty string \0 is seen as NOT NULL. This is because postgres developers consider any characters data. I know there are better discussions on it but I can’t find them right now. Unfortunately the programming language you are using probably doesn’t see it the same way. There’s a good chance that initialized variables are set to \0 and so when you try to insert from your language to a NOT NULL field with variables that are seen as undefined in your language, postgres accepts it, and now you have fields that you probably consider to have no data but are NOT NULL.