Using Hibernate to execute a dynamic SQL statement with
built-in user-controlled input can allow an attacker to modify the
statement's meaning or to execute arbitrary SQL commands.
stonesoup.jtree.Main
$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/hibernate/postgres/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" stonesoup.jtree.Main
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=yes -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddir.dist=$SS_TC_ROOT/$SS_TC_INSTALL build
cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL
Environment variable defining test value.
NONE
USA
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_lgtwezpuqztwmzlg.sql
northwind_lowercase_lgtwezpuqztwmzlg
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
input/good-01
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
Germany
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_qjejhddaxnxlbvlk.sql
northwind_lowercase_qjejhddaxnxlbvlk
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-l 1 input/good-02/
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
Finland
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_ddwuseukfpvcespx.sql
northwind_lowercase_ddwuseukfpvcespx
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
input/good-03/jtree-good-03.tar.gz
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
USA
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_cldfwhkaraghsvhx.sql
northwind_lowercase_cldfwhkaraghsvhx
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-l 2 input/good-04/jtree-good-04.tar.gz
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
Germany
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_nknzkgmcqoroackq.sql
northwind_lowercase_nknzkgmcqoroackq
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
STDOUT-05-01 AND STDOUT-05-02 AND STDOUT-05-03 AND STDOUT-05-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output1.txt
good-05/output2.txt
good-05/output3.txt
good-05/output4.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
EXECUTE_UNAUTHORIZED_CODE
x' or 'x'='x
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_ylmayscpnynpksxp.sql
northwind_lowercase_ylmayscpnynpksxp
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
input/good-03/jtree-good-03.tar.gz
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
weakness_started_1db6L6QxR1LfuSiG0l8Y AND ((NOT PERFORMER AND (hibernate_sql_output_7YzADmzt3v OR hibernate_sql_output_to4L7n2P1n) AND NOT timeout_vo6QXTCvj1) or (PERFORMER AND NOT ((hibernate_sql_output_7YzADmzt3v OR hibernate_sql_output_to4L7n2P1n) OR timeout_vo6QXTCvj1)))
(NOT PERFORMER AND (hibernate_sql_output_7YzADmzt3v OR hibernate_sql_output_to4L7n2P1n) AND NOT timeout_vo6QXTCvj1) or (PERFORMER AND NOT ((hibernate_sql_output_7YzADmzt3v OR hibernate_sql_output_to4L7n2P1n) OR timeout_vo6QXTCvj1))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
Zbyszek Piestrzeniewicz
logfile.txt
South House 300 Queensbridge
None
stonesoup_trace:weakness_start
Environment variable defining test value.
EXECUTE_UNAUTHORIZED_CODE
x' or city='London
/opt/stonesoup/workspace/scripts/northwind_create_northwind_lowercase_ekzexwtnflfkrlvq.sql
northwind_lowercase_ekzexwtnflfkrlvq
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-l 2 input/good-04/jtree-good-04.tar.gz
DROP DATABASE IF EXISTS $SS_DBPGDATABASE;
weakness_started_71tuqCMyauudjnAdyKHK AND ((NOT PERFORMER AND (hibernate_sql_output_pzBNmvr1bj OR hibernate_sql_output_5xPtrlhaf5) AND NOT timeout_QrpbtnqY40) or (PERFORMER AND NOT ((hibernate_sql_output_pzBNmvr1bj OR hibernate_sql_output_5xPtrlhaf5) OR timeout_QrpbtnqY40)))
(NOT PERFORMER AND (hibernate_sql_output_pzBNmvr1bj OR hibernate_sql_output_5xPtrlhaf5) AND NOT timeout_QrpbtnqY40) or (PERFORMER AND NOT ((hibernate_sql_output_pzBNmvr1bj OR hibernate_sql_output_5xPtrlhaf5) OR timeout_QrpbtnqY40))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
Zbyszek Piestrzeniewicz
logfile.txt
South House 300 Queensbridge
None
stonesoup_trace:weakness_start