-
February 2nd, 2003, 11:41 PM
#1
Member
Basic Example of SQL Injection with Oracle DB
Doing a presentation on a database that I created for my SQL class and of course, no presentation would be complete without covering security.
I'm going to talk about SQL Injection, but cover the basics so that folks are informed, know what it is and learn something.
I've gotten a presentation from Def Con X called SPI Dynamics that has a pdf presentation on it. But I get kind of confused on how this attack occurs. I know that there is a basic attack on logging in.
For example: Most of the attacks involve using either " or a ' mixed with regular SQL syntax, correct?
-
February 2nd, 2003, 11:50 PM
#2
Why don't you check out this link.
Here is part 2 of it.
Some good info for you. I found several more papers on this topic. For some more good links, google sql oracle injection.
I never really read too much about it... but now that I'm reading over it, it is pretty cool. Thanks for sparking my interest.
-
February 3rd, 2003, 12:17 AM
#3
another link
I have this link as well: http://www.nextgenss.com/papers/adva..._injection.pdf
Hmm, and yes, you use ' to "close" the value that will be given to the database, and your SQL code goes just after that. It is usually used to pass through authentication. The ; is used to finish a command, giving the attacker a lot of options. Most of the time, the '' or 1=1 trick is used, and if you wonder if most attackers know a thing about SQL, you are right: they don't. This is just the commonest one.
-
February 3rd, 2003, 02:34 AM
#4
Member
Originally posted here by phishphreek80
Why don't you check out this link.
Here is part 2 of it.
Some good info for you. I found several more papers on this topic. For some more good links, google sql oracle injection.
I never really read too much about it... but now that I'm reading over it, it is pretty cool. Thanks for sparking my interest.
Ya, Security Focus kicks ass, has a lot of good info on it, and in fact, I was reading this over earlier today...
I guess I'll keep reading this until it makes more sense.
thanks
-
February 3rd, 2003, 03:13 AM
#5
Well, what's not making sense to you about it, JockVSJock?
-
February 4th, 2003, 05:13 AM
#6
Member
This is the document that I am reading. I am posting it here in case more folks want to read up on SQL Injection.