Basic Example of SQL Injection with Oracle DB

  1. #1
    Member
    Join Date
    Nov 2002
    Posts
    53

    Basic Example of SQL Injection with Oracle DB

    Doing a presentation on a database that I created for my SQL class, and of course no presentation would be complete
    without covering security.

    I'm going to talk about SQL Injection, but cover basics; that way folks are informed, know what it is and learn something.

    I've gotten a presentation from Def Con X called SPI Dynamics that has a pdf presentation on it. But I get kind of confused on
    how this attack occurs. I know that there is a basic attack on logging in.

    For example: most of the attacks involve using either " or a ' mixed with regular SQL syntax, correct?

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Why don't you check out this link.
    Here is part 2 of it.

    Some good info for you. I found several more papers on this topic. For some more good links

    google sql oracle injection

    I never really read too much about it... but now that I'm reading over it, it is pretty cool. Thanks for sparking my interest.

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    88

    another link

    I have this link as well: http://www.nextgenss.com/papers/adva..._injection.pdf
    Hmm and yes, you use ' to "close" the value that will be given to the database, and your SQL code goes just after that. It is usually used to pass through authentication. The ; is used to finish a command, giving the attacker a lot of options. Most of the time, the '' or 1=1 trick is used, and if you wonder if most attackers know a thing about SQL, you are right: they don't. This is just the commonest one.
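
The quoting behaviour described in the post above, as an added example that is not part of the original thread: the same login check built by string concatenation and with bind parameters. Python's built-in sqlite3 stands in for Oracle so it runs offline; the users table, its sample row and the function names are constructed for illustration (in Oracle the placeholders would be bind variables such as :username).

```python
import sqlite3

def make_db():
    """In-memory table with one constructed account (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def build_login_sql(username, password):
    """Vulnerable pattern: user input is pasted into the SQL text itself."""
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_concatenated(conn, username, password):
    """Runs the concatenated statement; a quote in the input rewrites it."""
    return conn.execute(build_login_sql(username, password)).fetchone()[0] > 0

def login_bound(conn, username, password):
    """Hardened pattern: values travel as bind parameters, never as SQL text."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def concatenated_breaks_on_quote(conn, username):
    """A legitimate name containing ' is enough to break the vulnerable form."""
    try:
        login_concatenated(conn, username, "x")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    conn = make_db()
    trick = "' or 1=1 --"  # the '' or 1=1 input described in the post
    print(build_login_sql("alice", trick))
    print("concatenated, wrong password:", login_concatenated(conn, "alice", "nope"))
    print("concatenated, quote trick:   ", login_concatenated(conn, "alice", trick))
    print("bound, quote trick:          ", login_bound(conn, "alice", trick))
    print("bound, real password:        ", login_bound(conn, "alice", "s3cret"))
    print("O'Brien breaks concatenation:", concatenated_breaks_on_quote(conn, "O'Brien"))
```

With bind parameters the quote is compared as data, so the trick input fails the login and a name like O'Brien is handled as an ordinary value.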

  4. #4
    Member
    Join Date
    Nov 2002
    Posts
    53
    Originally posted here by phishphreek80
    Why don't you check out this link.
    Here is part 2 of it.

    Some good info for you. I found several more papers on this topic. For some more good links

    google sql oracle injection

    I never really read too much about it... but now that I'm reading over it, it is pretty cool. Thanks for sparking my interest.
    Ya, Security Focus kicks ass, has a lot of good info on it, and in fact, I was reading this over earlier today...

    I guess I keep reading this until it makes more sense.

    thanks

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Well, what's not making sense to you about it, JockVSJock?

  6. #6
    Member
    Join Date
    Nov 2002
    Posts
    53
    This is the document that I am reading. I am posting it here in case more folks want to read up on SQL Injection.
