SQL Injection

  • From: "Dennis Williams" <oracledba.williams@xxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2006 09:01:44 -0600

List,

Here is a recent paper on how hackers can use the SQL injection technique.

http://www.ngssoftware.com/papers/sqlinference.pdf

The SQL Server example appears quite appalling, with a hacker being able to
access the O.S. The Oracle example looks bad (select password from
dba_users) on the surface, but an ordinary user shouldn't have that table
and the password is encrypted anyway. Does anyone know if current versions
of SQL Server are this vulnerable?

Dennis Williams
