
Study on Data Extraction in the Process of Oracle-11g-based Web SQL Injection (cited by: 3)
Abstract: SQL injection has been a very popular means of attacking databases in recent years. Because an attack delivered through a web page can bypass the firewall to penetrate the database system and then attack the operating system, it is highly destructive. When SQL injection is carried out through a web page, how to return query results to the attacker (the data extraction technique) is a core technical issue. This paper studies websites that use Oracle 11g as the back-end database, covering five data extraction techniques used in SQL injection attacks against them and the corresponding defensive measures.
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2011, No. 3, pp. 61-63 (3 pages)
Keywords: Oracle 11g; data extraction; SQL injection


