Analyzing SQL Meta Characters and Preventing SQL Injection Attacks Using Meta Filter
SQL injection attacks (SQLIA) are a widely used technique in which an attacker crafts input to the application server in order to access or modify data on the database server. A common way for an attacker to launch an SQLIA is to modify the input URL so that it contains partial SQL queries and trick the server into executing them. In this paper, the authors first identify all the input patterns that can appear in the URL of an attack. Next, they propose deploying a SQL meta-character filter that parses the input URL to detect attack patterns. The attack patterns are chosen so that SQL meta characters appearing in legal input are not filtered out.
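The filtering idea described above, as an added example that is not code from the paper: a URL query-string scanner whose patterns require a meta character combined with SQL syntax, so a lone apostrophe in legal input passes. The pattern set, the function name `scan_url` and the sample URLs are assumptions constructed for illustration; the paper's own pattern list is not given on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed pattern set (not the paper's list). Every pattern needs a meta
# character or keyword *combined with* SQL syntax, so a lone apostrophe or
# hyphen in ordinary input does not match.
ATTACK_PATTERNS = {
    "quote-tautology": re.compile(r"""['"]\s*(?:or|and)\b[^=]*=""", re.I),
    "quote-then-comment": re.compile(r"""['"]\s*(?:--|#|/\*)"""),
    "stacked-query": re.compile(
        r";\s*(?:select|insert|update|delete|drop|exec)\b", re.I),
    "union-select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
}


def scan_url(url):
    """Return sorted (parameter, pattern-name) pairs found in the query string."""
    hits = set()
    # parse_qsl percent-decodes once, so %27 is inspected as an apostrophe.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for label, pattern in ATTACK_PATTERNS.items():
            if pattern.search(value):
                hits.add((name, label))
    return sorted(hits)


# Constructed sample requests (hypothetical host and parameters).
SAMPLE_URLS = [
    "http://shop.example/search?name=O%27Brien&note=5%20-%203",   # legal input
    "http://shop.example/item?id=1%27%20OR%20%271%27%3D%271",
    "http://shop.example/item?id=1%27--%20",
    "http://shop.example/item?id=1%3B%20DROP%20TABLE%20users",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        hits = scan_url(url)
        print("BLOCK" if hits else "ALLOW", url, hits)
```

Only the query string is inspected, and it is percent-decoded once; path segments, request bodies and double-encoded values are outside what this example checks.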