Public
- Public
- Network
- Groups
- Featured
- Popular
- People

A GitHub comment by WesleyAC marked as spam that reads: it's also real cool and good to assemble the sql statements with string interpolation. afaict that doesn't cause any sql injection problems in the current code, but as soon as there's a path that calls getObjectBy with a attacker-controlled key or something like that there's gonna be problems. definitely not a sign of half baked software rushed to ship or anything like that!

Download link

A GitHub comment by WesleyAC marked as spam that reads: it's also real cool and good to assemble the sql statements with string interpolation. afaict that doesn't cause any sql injection problems in the current code, but as soon as there's a path that calls getObjectBy with a attacker-controlled key or something like that there's gonna be problems. definitely not a sign of half baked software rushed to ship or anything like that!
https://s3.us-east-005.backblazeb2.com/techlgbt/media_attachments/files/109/913/753/089/520/415/original/edd0f602ebc930b7.png

Notices where this attachment appears

Embed this notice
Twann :flag_black: :heart_nb: (twann@tech.lgbt)'s status on Sunday, 30-Apr-2023 21:52:07 JST Twann :flag_black: :heart_nb:

Nice work concatenating SQL queries with variables, #Cloudflare! 👏 :blobfoxangrylaugh:
Oh, btw, they're supposed to be a #cybersecurity company so IT'S BAD.
Oh and guess what? They marked the comment related to this as spam. :blobcat_thisisfine:
#decloudflare #infosec

In conversation Sunday, 30-Apr-2023 21:52:07 JST from tech.lgbt permalink