Ross Paterson
An investigation into PL/SQL Injection.
Paterson, Ross; Leimich, Petra
Abstract
SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.
Citation
Paterson, R., & Leimich, P. (2013). An investigation into PL/SQL Injection.
| Conference Name | CyberForensics 2013: 3rd International Conference on Cybercrime, Security and Digital Forensics |
|---|---|
| Start Date | Jun 10, 2013 |
| End Date | Jan 11, 2013 |
| Acceptance Date | May 25, 2013 |
| Publication Date | 2013 |
| Deposit Date | Jun 8, 2016 |
| Peer Reviewed | Peer Reviewed |
| Pages | 57-64 |
| ISBN | 978-0-947649-97-5 |
| Keywords | Oracle; PL/SQL; SQL Injection; Database Security; Code Injection; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/10350 |
You might also like
Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems
(2020)
Journal Article
A Forensic Audit of the Tor Browser Bundle
(2019)
Journal Article
Reducing the Impact of Network Bottlenecks on Remote Contraband Detection
(2018)
Conference Proceeding
Sub-file Hashing Strategies for Fast Contraband Detection
(2018)
Conference Proceeding
Fingerprinting JPEGs With Optimised Huffman Tables
(2018)
Journal Article