subject:"\[sqlite\] SQLite3's vulnerability in 3.27.1 and 3.26"

Re: [sqlite] SQLite3's vulnerability in 3.27.1 and 3.26

2019-02-25 Thread Digital Dog

I was able to reproduce this behaviour using much shorter query (in sqlite.exe 3.27.1): SELECT + sum(0) OVER() ORDER BY + sum(0) OVER(); SELECT + avg(0) OVER() ORDER BY + avg(0) OVER(); SELECT 1 + avg(0) OVER() ORDER BY 1 + avg(0) OVER(); SELECT - - - - - avg(0) OVER()

[sqlite] SQLite3's vulnerability in 3.27.1 and 3.26

2019-02-22 Thread 范龙飞

?SELECT(+++ last_insert_rowid()++sum(0)oVER())ORDER BY (+++ last_insert_rowid()++sum(0)oVER())ORDER BY 1,1,1,1,1,1? Best regards Longfei Fan from 360 Codesafe Team of Legendsec? ___ sqlite-users mailing