

From SQL injection to shell: PostgreSQL edition - snyff
https://www.pentesterlab.com/from_sqli_to_shell_pg_edition.html

======
ibotty
Be sure to read the prequel if you haven't done anything like that before:
<https://www.pentesterlab.com/from_sqli_to_shell.html>

------
herge
If I use sql parameters in my queries, am I still vulnerable to SQL injection?
What about using a (sane) ORM?

Basically, is it only PHP apps that hand-build queries that are vulnerable to
SQL injection?

~~~
jasonlotito
Any app that hand-builds queries. PHP has nothing to do with this. Just
happens to be the vehicle. The problem is simply insecure patterns.

------
dschiptsov
What if I have no PHP?)

