Closed zealotwithcharge closed 2 years ago
Yes, the vulnerability is very closely related to SQL injection (but it has even wider impact because it happens in a library used by 1000s of programs rather than just in a single program). You can find a discussion of the problem on hacker news: https://news.ycombinator.com/item?id=29504755
https://www.google.com/amp/s/amp.theguardian.com/technology/2021/dec/10/software-flaw-most-critical-vulnerability-log-4-shell
Apparently theres been a breach regarding a certain logging program. It sounds like people got through by simply typing a string into the chatbox. Is this pretty much the same thing as a SQL injection?