Inferential SQL Injection Attacks

Provided by: International Journal of Network Security
Topic: Security
Format: PDF
Although SQLIA (SQL Injection Attack) made its first public appearance back in, it remains one of the most serious and prevalent threat types. When the attack is used properly, attackers can influence what is passed to the database by exploiting weak input validation and/or dynamic construction of SQL statements that does not properly use type-safe parameter values. This paper describes a class of SQL Injection Attacks (SQLIAs) in which attackers can deduce information from the back-end DataBase Management System (DBMS) without transferring actual data. Instead, using a predetermined differentiation mechanism, information is inferred piece by piece.