Oracle - SQL Injection

Archive of Heavy Query MySQL Oracle SQL Server System Table

Time-Based Blind SQL Injection using Heavy Query
Posted in Blind SQL Injection
Using heavy queries instead of time delays. For different reasons, it might happen that it is impossible to use time delay functions or procedures in order to achieve a classic time delay injection. In these situations, the best option is to...
Continue reading this entry →
Find Table Names for SQL Injection
Posted in Gathering Information
Extracting table names to achieve SQL injection. Before building a query to extract sensitive information, the attacker must know what data he wants to extract and where it is stored in the database. This article explains how to show table names. To simplify learning, we suppose that...
Continue reading this entry →
Find Column Names for SQL Injection
Posted in Gathering Information
Extracting column names for a given table. Once the attacker knows table names he needs to find out what the column names are in order to extract information. This article explains how this information can be found using meta data...
Continue reading this entry →
System Tables for SQL Injection
Posted in SQL Injection Resources
The system tables of the most popular DBMS. You will find below a complete list of system tables for the most popular database management systems. This list also contain specific information related to SQL injection. This reference is subject to modifications in a near future. It will include...
Continue reading this entry →
Secure PL/SQL
Posted in Stored Procedures Defense
Prevent SQL injection attacks against PL/SQL. As explained in the article about SQL injection attacks against PL/SQL, it is possible to create procedures vulnerable to SQLIA. This article details how you can secure PL/SQL code against SQL injections by making only...
Continue reading this entry →
PL/SQL Attacks
Posted in PL/SQL
Understand SQL injection attacks against PL/SQL. PL/SQL, like stored procedures, can be vulnerable to SQL injection attacks. When PL/SQL code integrates user input into a query and executes it, we encounter exactly the same problem we have when we build a classic dynamic query. In...
Continue reading this entry →

About

Sqlinjection.net was developed to provide information about SQL injection to students, IT professionals and computer security enthusiasts. It intends to be a reference about this security flaw.
Read more

Main Sections

Disclamer

This website and/or it's owner is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to sqlinjection.net.

GET THE BOOK!

Recent Articles

Archive of Heavy Query MySQL Oracle SQL Server System Table

Time-Based Blind SQL Injection using Heavy Query

Find Table Names for SQL Injection

Find Column Names for SQL Injection

System Tables for SQL Injection

Secure PL/SQL

PL/SQL Attacks

About

Main Sections

Disclamer