SQL Injection in Oracle: An exploration of vulnerabilities
Journal Title: International Journal on Computer Science and Engineering - Year 2012, Vol 4, Issue 4
Abstract
Structured Query Language (SQL) injection is one of the most devastating vulnerabilities to impact a business, as it can lead to the exposure of sensitive information stored in an application's database. SQL injection can compromise usernames, passwords, addresses, phone numbers, and credit card details. It is the vulnerability that results when an attacker achieves the ability to influence the SQL queries that an application passes to a back-end database. The attacker can often leverage the syntax and capabilities of SQL, as well as the power and flexibility of the supporting database functionality and the operating system functionality available to the database, to compromise the web application. In this article we demonstrate two non-web-based SQL injection attacks, one of which can be carried out by executing a stored procedure with escalating privileges. We present the unique way in which Oracle handles single and double quotes in strings because, as shown in this paper, this is one of the features of the language that can be exploited in the construction of an injection attack. Recommendations on how to resolve these vulnerabilities are proposed.
Authors and Affiliations
Sid Ansari, Edward R. Sykes
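The abstract names two things that matter in the stored-procedure attack it describes: a procedure that runs with its definer's privileges, and Oracle's quoting rules (a single quote inside a string literal is written as two single quotes, while double quotes delimit identifiers rather than strings). The PL/SQL below is an added illustration written for this page, not code from the paper; the customers table, its rows and the procedure names are constructed. It places the vulnerable pattern (statement text spliced together from an argument inside an AUTHID DEFINER procedure) beside the hardened one (a bind variable inside an AUTHID CURRENT_USER procedure), and uses a legitimate name containing an apostrophe to show why the quote handling decides whether the argument is treated as data or as SQL syntax.

```sql
-- Constructed schema and data for the example (not from the paper).
CREATE TABLE customers (
  id   NUMBER PRIMARY KEY,
  name VARCHAR2(100)
);
INSERT INTO customers VALUES (1, 'alice');
INSERT INTO customers VALUES (2, 'o''brien');  -- a literal single quote is doubled
COMMIT;

-- Vulnerable pattern (hypothetical name): the argument is concatenated into
-- the statement text, and AUTHID DEFINER means the statement runs with the
-- owner's privileges, whatever the caller's own privileges are.
CREATE OR REPLACE PROCEDURE find_customer_vuln (p_name IN VARCHAR2)
  AUTHID DEFINER
AS
  v_sql VARCHAR2(4000);
  v_id  NUMBER;
BEGIN
  v_sql := 'SELECT id FROM customers WHERE name = ''' || p_name || '''';
  DBMS_OUTPUT.PUT_LINE('executing: ' || v_sql);
  EXECUTE IMMEDIATE v_sql INTO v_id;
  DBMS_OUTPUT.PUT_LINE('id = ' || v_id);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    DBMS_OUTPUT.PUT_LINE('no match');
END;
/

-- Hardened pattern (hypothetical name): the value travels in a bind variable,
-- so quotes inside p_name are data and can never change the statement;
-- AUTHID CURRENT_USER makes the query run with the caller's privileges.
CREATE OR REPLACE PROCEDURE find_customer_safe (p_name IN VARCHAR2)
  AUTHID CURRENT_USER
AS
  v_id NUMBER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT id FROM customers WHERE name = :name'
    INTO v_id USING p_name;
  DBMS_OUTPUT.PUT_LINE('id = ' || v_id);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    DBMS_OUTPUT.PUT_LINE('no match');
END;
/

-- Where part of the statement cannot be bound (an identifier such as a table
-- name), validate it before use instead of trusting it:
-- DBMS_ASSERT.SIMPLE_SQL_NAME raises an exception on anything that is not a
-- plain SQL identifier, and DBMS_ASSERT.ENQUOTE_NAME returns it double-quoted.
CREATE OR REPLACE PROCEDURE count_rows_safe (p_table IN VARCHAR2)
  AUTHID CURRENT_USER
AS
  v_n NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.ENQUOTE_NAME(DBMS_ASSERT.SIMPLE_SQL_NAME(p_table))
    INTO v_n;
  DBMS_OUTPUT.PUT_LINE(p_table || ': ' || v_n || ' rows');
END;
/

SET SERVEROUTPUT ON

-- The bound version treats the apostrophe as ordinary data and finds row 2.
BEGIN
  find_customer_safe('alice');       -- prints: id = 1
  find_customer_safe('o''brien');    -- prints: id = 2
  count_rows_safe('CUSTOMERS');      -- prints: CUSTOMERS: 2 rows
END;
/

-- The spliced version works for a plain name but breaks on the same
-- apostrophe: the quote ends the literal early and the statement no longer
-- parses, which is exactly the position an attacker exploits.
BEGIN
  find_customer_vuln('alice');       -- prints: id = 1
  find_customer_vuln('o''brien');    -- raises: quoted string not properly terminated
EXCEPTION
  WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE('vulnerable procedure failed: ' || SQLERRM);
END;
/
```

The detection hint that follows from this is simple: in a code review, search the PL/SQL sources for EXECUTE IMMEDIATE or OPEN ... FOR whose statement text is built with the concatenation operator (||) from a parameter, and treat every such site in an AUTHID DEFINER unit as a privilege-escalation candidate until it is rewritten with USING bind variables or guarded with DBMS_ASSERT.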