SQL Injection in Oracle: An exploration of vulnerabilities

Journal Title: International Journal on Computer Science and Engineering - Year 2012, Vol 4, Issue 4

Abstract

Structured Query Language (SQL) injection is one of the most devastating vulnerabilities that can impact a business, as it can lead to the exposure of sensitive information stored in an application’s database. SQL injection can compromise usernames, passwords, addresses, phone numbers, and credit card details. It is the vulnerability that results when an attacker gains the ability to influence the SQL queries that an application passes to a back-end database. The attacker can often leverage the syntax and capabilities of SQL, as well as the power and flexibility of the supporting database functionality and of the operating system functionality available to the database, to compromise the web application. In this article we demonstrate two non-web-based SQL injection attacks, one of which can be carried out by executing a stored procedure with escalating privileges. We present the unique way in which Oracle handles single and double quotes in strings because, as shown in this paper, this is one of the features of the language that can be exploited in the construction of an injection attack. Recommendations on how to resolve these vulnerabilities are proposed.
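As an added illustration, not code from the paper, the two ingredients the abstract names side by side: a definer's-rights PL/SQL procedure that builds its query by string concatenation (where Oracle's doubled-single-quote rule is what the input can break out of), next to a version that uses a bind variable and invoker's rights. The schema, table, column and procedure names are assumptions.

```sql
-- Added example, not from the paper. Assumed objects: table HR.EMPLOYEES with a
-- LAST_NAME column, owned by a privileged schema, and a low-privilege caller that
-- has only EXECUTE on the procedure.

-- Vulnerable form. AUTHID DEFINER (Oracle's default) runs the dynamic SQL with
-- the privileges of the procedure's owner, not the caller. The argument is pasted
-- into the statement text, so a single quote inside p_name closes the literal and
-- whatever follows is parsed as SQL under the owner's privileges.
CREATE OR REPLACE PROCEDURE count_by_last_name_vuln (p_name  IN  VARCHAR2,
                                                     p_count OUT NUMBER)
AUTHID DEFINER
AS
  l_sql VARCHAR2(4000);
BEGIN
  -- In Oracle a single quote inside a string literal is written as two single
  -- quotes, so '''' is a literal containing exactly one quote character.
  l_sql := 'SELECT COUNT(*) FROM hr.employees WHERE last_name = '''
           || p_name || '''';
  EXECUTE IMMEDIATE l_sql INTO p_count;
END count_by_last_name_vuln;
/

-- Hardened form. The statement text is a constant and the caller's value is
-- passed as a bind variable, so it is only ever compared as data, never parsed.
-- AUTHID CURRENT_USER runs the query with the caller's own privileges, so the
-- procedure cannot be used as a privilege-escalation step.
CREATE OR REPLACE PROCEDURE count_by_last_name (p_name  IN  VARCHAR2,
                                                p_count OUT NUMBER)
AUTHID CURRENT_USER
AS
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM hr.employees WHERE last_name = :name'
    INTO p_count USING p_name;
END count_by_last_name;
/

-- When an identifier (which cannot be bound) must be dynamic, validate it with
-- DBMS_ASSERT instead of concatenating it raw; SQL_OBJECT_NAME raises an error
-- unless the input names an existing object.
CREATE OR REPLACE FUNCTION row_count_of (p_table IN VARCHAR2) RETURN NUMBER
AUTHID CURRENT_USER
AS
  l_cnt NUMBER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM '
                    || DBMS_ASSERT.SQL_OBJECT_NAME(p_table) INTO l_cnt;
  RETURN l_cnt;
END row_count_of;
/
```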

Authors and Affiliations

Sid Ansari, Edward R. Sykes

How To Cite

Sid Ansari, Edward R. Sykes (2012). SQL Injection in Oracle: An exploration of vulnerabilities. International Journal on Computer Science and Engineering, 4(4), 522-531. https://europub.co.uk/articles/-A-124861