
SQL Injection

github.com/openclarity/kubeclarity is vulnerable to SQL injection. The flaw is in the handling of the packageID parameter of the /api/applicationResources endpoint, where fmt.Sprintf is used to splice the parameter into the SQL query string without validating or parameterizing it. An attacker controlling packageID can therefore inject SQL and, using time-delay or boolean-condition (blind) techniques, extract or manipulate data stored in the backend…
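The following Go snippet, added here as an illustration and not taken from the kubeclarity code base, places the vulnerable pattern the advisory describes (fmt.Sprintf building the WHERE clause) next to the parameterized form that fixes it. The table and column names, the `?` placeholder syntax, and the assumption that a packageID has UUID shape are all mine; the real schema and query are not reproduced.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed table name for illustration; not kubeclarity's real schema.
const applicationResourcesTable = "application_resources"

// buildQueryVulnerable reproduces the anti-pattern from the advisory: the
// caller-controlled packageID is formatted straight into the SQL text, so a
// single quote in the input closes the string literal and everything after it
// is interpreted as SQL by the database.
func buildQueryVulnerable(packageID string) string {
	return fmt.Sprintf("SELECT * FROM %s WHERE package_id = '%s'",
		applicationResourcesTable, packageID)
}

// buildQueryParameterized is the hardened form: the statement text is fixed
// and the value travels separately as a bind argument, so it can never alter
// the statement's structure. Placeholder syntax is driver-specific ("?" for
// sqlite/mysql, "$1" for postgres); "?" is assumed here.
func buildQueryParameterized(packageID string) (string, []interface{}) {
	return fmt.Sprintf("SELECT * FROM %s WHERE package_id = ?",
		applicationResourcesTable), []interface{}{packageID}
}

// packageIDPattern is an assumed allowlist (UUID shape) for defence in depth
// at the HTTP handler. It complements parameterization; it does not replace it.
var packageIDPattern = regexp.MustCompile(
	`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// validPackageID returns true only for inputs matching the assumed ID format.
func validPackageID(packageID string) bool {
	return packageIDPattern.MatchString(packageID)
}

func main() {
	// Constructed payloads for the two blind techniques the advisory names:
	// a boolean condition and a time delay.
	payloads := []string{
		"x' OR '1'='1",
		"x' OR SLEEP(5)-- ",
	}
	for _, p := range payloads {
		fmt.Println("vulnerable:    ", buildQueryVulnerable(p))
		q, args := buildQueryParameterized(p)
		fmt.Printf("parameterized: %s  args=%q\n", q, args)
		fmt.Println("allowlist ok:  ", validPackageID(p))
	}
}
```

Running it shows the boolean payload turning the vulnerable statement into `... WHERE package_id = 'x' OR '1'='1'`, which matches every row, while the parameterized version keeps the same fixed statement and hands the payload over as a plain string value; the allowlist additionally rejects both payloads before any query is built.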
