In Hibernate HQL, is it possible to delete a table or a database as a nested part of a select query?
For example,
select name,email,(delete from Group) from User where 1=1
or
select name,email,(drop table Group) from User where 1=1
or somehow after the where clause:
select name,email from User where 1=1;drop table Group;
In the where-clause scenario I get an error like this:
org.springframework.orm.hibernate3.HibernateQueryException: unexpected char: ';' [ FROM com.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]; nested exception is org.hibernate.QueryException: unexpected char: ';' [ FROM com.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.hibernate.QueryException: unexpected char: ';' [ FROM com.verecloud.nimbus4.party.Group WHERE name = ? ORDER BY name ASC ;drop table User;]
... 24 more
The requirement is to check for possible SQL injection in select queries.
Best answer
SQL injection needs to terminate a statement in order to execute a new one:
select name,email,(;delete from Group;) from User where 1=1
select name,email from User where 1=1;drop table Group;
If you use bind SQL parameters, you are protected against SQL injection.
If you generate the SQL SELECT dynamically (choosing columns at run time), you should use JPA Criteria or jOOQ.
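As an added example (not code from the question or the answer above), here is the concatenated form next to the two safe forms the answer recommends: a bound parameter for the filter value, and JPA Criteria with an allow-list for run-time column selection. It assumes a mapped User entity with name and email attributes.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.*;

// Assumes a JPA-mapped entity User with attributes "name" and "email".
public class UserQueries {

    // Columns a caller may request; anything else is rejected before it
    // reaches the query builder, so an attribute name is never free text.
    private static final Set<String> SELECTABLE = Set.of("name", "email");

    // Concatenated form, kept only for comparison. HQL refuses ';' and DDL
    // (see the parser error in the question), but a value such as
    // x' or '1'='1 still rewrites the WHERE logic and leaks rows.
    static String unsafeHql(String nameInput) {
        return "select u.name, u.email from User u where u.name = '" + nameInput + "'";
    }

    // Safe form: the value travels as a bind parameter, so it is data, not syntax.
    static List<Object[]> findByNameBound(EntityManager em, String nameInput) {
        return em.createQuery(
                "select u.name, u.email from User u where u.name = :name", Object[].class)
            .setParameter("name", nameInput)
            .getResultList();
    }

    // Dynamic column selection with JPA Criteria: requested attributes are
    // checked against the allow-list, and the filter value stays bound.
    static List<Object[]> selectColumns(EntityManager em, List<String> requested, String nameInput) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Object[]> cq = cb.createQuery(Object[].class);
        Root<User> u = cq.from(User.class);
        List<Selection<?>> cols = new ArrayList<>();
        for (String c : requested) {
            if (!SELECTABLE.contains(c)) {
                throw new IllegalArgumentException("column not selectable: " + c);
            }
            cols.add(u.get(c));
        }
        cq.multiselect(cols)
          .where(cb.equal(u.get("name"), cb.parameter(String.class, "name")));
        TypedQuery<Object[]> q = em.createQuery(cq);
        q.setParameter("name", nameInput);
        return q.getResultList();
    }
}
```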
Regarding "java - SQL injection delete/drop from Hibernate HQL to MySQL", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/29554115/