Ross Paterson
An investigation into PL/SQL Injection.
Paterson, Ross; Leimich, Petra
Abstract
SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.
Citation
Paterson, R., & Leimich, P. (2013, June). An investigation into PL/SQL Injection. Presented at CyberForensics 2013: 3rd International Conference on Cybercrime, Security and Digital Forensics
| Conference Name | CyberForensics 2013: 3rd International Conference on Cybercrime, Security and Digital Forensics |
|---|---|
| Start Date | Jun 10, 2013 |
| End Date | Jan 11, 2013 |
| Acceptance Date | May 25, 2013 |
| Publication Date | 2013 |
| Deposit Date | Jun 8, 2016 |
| Peer Reviewed | Peer Reviewed |
| Pages | 57-64 |
| ISBN | 978-0-947649-97-5 |
| Keywords | Oracle; PL/SQL; SQL Injection; Database Security; Code Injection; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/10350 |
You might also like
On the digital forensic analysis of the Firefox browser via recovery of SQLite artefacts from unallocated space
(2012)
Presentation / Conference Contribution
Fingerprinting JPEGs With Optimised Huffman Tables
(2018)
Journal Article
Editorial: TLAD 2015
(2015)
Presentation / Conference Contribution
Editorial: TLAD 2014
(2014)
Presentation / Conference Contribution
Editorial: TLAD 2013
(2013)
Presentation / Conference Contribution