Skip to main content

Research Repository

Advanced Search

An investigation into PL/SQL Injection.

Paterson, Ross; Leimich, Petra

Authors

Ross Paterson



Abstract

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.

Citation

Paterson, R., & Leimich, P. (2013). An investigation into PL/SQL Injection.

Conference Name CyberForensics 2013: 3rd International Conference on Cybercrime, Security and Digital Forensics
Start Date Jun 10, 2013
End Date Jan 11, 2013
Acceptance Date May 25, 2013
Publication Date 2013
Deposit Date Jun 8, 2016
Peer Reviewed Peer Reviewed
Pages 57-64
ISBN 978-0-947649-97-5
Keywords Oracle; PL/SQL; SQL Injection; Database Security; Code Injection;
Public URL http://researchrepository.napier.ac.uk/id/eprint/10350