You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
sql-execute-os-command.md Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog SQLサーバから別のところに侵入するパターンで、SQLサーバ上でOSのコマンドを利用してるケースが増えている。 各SQLサーバでOSコマンドを実行する方法を知りたい。 Type How To Status SQL Server xp_cmdshell Disable by Default MySQL system (\!) Enable in Terminal PostgreSQL COPY Require pg_execute_server_program role Related Exploiting PostgreSQL
Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach we’ve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Server. The attackers initially exploited a SQL injection vulnerability in an application within the target
UpdateOpen-sourcing SQLCoder: a state-of-the-art LLM for SQL generationWe are thrilled to open-source Defog SQLCoder: a 15B parameter LLM that outperforms gpt-3.5-turbo on text-to-SQL tasks. Aug 20, 2023 Introducing SQLCoderWe are thrilled to open source Defog SQLCoder – a state-of-the-art LLM for converting natural language questions to SQL queries. SQLCoder significantly outperforms all major op
In the codegen section, the out field dictates what directory will contain the new files. The plugin key must reference a plugin defined in the top-level plugins map. Any options are serialized to a string as JSON and passed on to the plugin itself. version: '2' plugins: - name: greeter wasm: url: https://github.com/sqlc-dev/sqlc-gen-greeter/releases/download/v0.1.0/sqlc-gen-greeter.wasm sha256: a
Did you know that GitHub maintains a public database of known CVEs and security advisories for open-source codebases? The database is a public Git repository that holds JSON files in OSV format, partitioned by date. This is the data that's displayed on the github.com/advisories page, which also powers Dependabot alerts! Since it's just a Git repo, we wanted to take it for a spin with MergeStat to
Via this comment on Hacker News I started exploring the ClickHouse Playground. It's really cool, and among other things it allows CORS-enabled API hits that can query a decade of history from the GitHub events archive in less than a second. ClickHouse is an open source column-oriented database, originally developed at Yandex but spun out into a separate, VC-funded company in 2021. It's designed fo
Team82 Research {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF Executive SummaryTeam82 has developed a generic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. Major WAF vendors lacked JSON support in their products, despite it being supported by most database engine
techfeed 経由で下記のスレッドを見かけたのですが、タイトルだけでも既に面白そうです。 また、ちょっと前から Notion のデータベースを各種コンテンツへ変換するツールを作っていまして、これを組み合わせるといろいろ楽できそうな予感がします。 そのようなわけで、スレッドで紹介されていた columnq-cli についての記事です。 columnq-cli とは? README を読むと「各種データをテーブルとして SELECT できるようにする CLI ツール」で、テーブルソースには JSON などの他に ROAPI でサポートされているものを扱えるとのこと。 (SELECT のみで更新はできない) ここで ROAPI とはなんぞやとなりますが、こちらは「ローカルのファイルシステムや各種サービスのデータを統合的に扱える(SELECT できる)サーバー」を構築できるそうです。 図 1-
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く