SQL Injection in Oracle: An exploration of vulnerabilities

Journal Title: International Journal on Computer Science and Engineering - Year 2012, Vol 4, Issue 4

Abstract

Structured Query Language (SQL) injection is one of the most devastating vulnerabilities that can affect a business, as it can lead to the exposure of sensitive information stored in an application's database. SQL injection can compromise usernames, passwords, addresses, phone numbers, and credit card details. It is the vulnerability that results when an attacker gains the ability to influence the SQL queries that an application passes to a back-end database. The attacker can often leverage the syntax and capabilities of SQL, as well as the power and flexibility of the supporting database functionality and the operating system functionality available to the database, to compromise the web application. In this article we demonstrate two non-web-based SQL injection attacks, one of which is carried out by executing a stored procedure with escalated privileges. We present the unique way in which Oracle handles single and double quotes in strings because, as shown in this paper, this is one of the features of the language that can be exploited in the construction of an injection attack. Recommendations on how to resolve these vulnerabilities are proposed.

Authors and Affiliations

Sid Ansari, Edward R. Sykes

How To Cite

Sid Ansari, Edward R. Sykes (2012). SQL Injection in Oracle: An exploration of vulnerabilities. International Journal on Computer Science and Engineering, 4(4), 522-531. https://europub.co.uk/articles/-A-124861