• An investigation into PL/SQL I...

Treffer: An investigation into PL/SQL Injection.

Title:
An investigation into PL/SQL Injection.
Authors:
Paterson, Ross, Leimich, Petra
Publication Year:
2013
Collection:
Edinburgh Napier Repository (Napier University Edinburgh)
Subject Terms:
Oracle, PL/SQL, SQL Injection, Database Security, Code Injection, 005.4 Systems programming and programs, QA75 Electronic computers. Computer science
Document Type:
Fachzeitschrift text
Language:
unknown
Relation:
http://researchrepository.napier.ac.uk/id/eprint/10350
Availability:
http://researchrepository.napier.ac.uk/id/eprint/10350
Accession Number:
edsbas.5DFB7A2C
Database:
BASE

Weitere Informationen

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.