Inferential SQL Injection Attacks

Although SQLIA (SQL Injection Attack) made its first public appearance back in, it still stays one of the most serious and prevalent threat types. Used properly, it lets attackers influence what is passed to the database by exploiting weak input validation and/or dynamic construction of SQL statements that do not properly use type-safe parameter values. This paper describes a class of SQL Injection Attacks (SQLIAs) in which attackers can deduce information from the back-end DataBase Management System (DBMS) without transferring actual data. Instead, information is inferred piece by piece using a predetermined differentiation mechanism.

Resource Details

Provided by: International Journal of Network Security
Topic: Security
Format: PDF