SQL Injection

List,

Here is a recent paper on how hackers can use the SQL injection technique.

http://www.ngssoftware.com/papers/sqlinference.pdf

The SQL Server example appears quite appaling, with a hacker being able to
access the O.S. The Oracle example looks bad (select password from
dba_users) on the surface, but an ordinary user shouldn't have that table
and the password is encrypted anyway. Does anyone know if current versions
of SQL Server are this vulnerable?

Dennis Williams

Other related posts: