SQL Injection

  • From: "Dennis Williams" <oracledba.williams@xxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2006 09:01:44 -0600


Here is a recent paper on how hackers can use the SQL injection technique.


The SQL Server example appears quite appaling, with a hacker being able to
access the O.S. The Oracle example looks bad (select password from
dba_users) on the surface, but an ordinary user shouldn't have that table
and the password is encrypted anyway. Does anyone know if current versions
of SQL Server are this vulnerable?

Dennis Williams

Other related posts: