
SQL injection

About: SQL injection is a research topic. Over the lifetime, 2174 publications have been published within this topic receiving 33241 citations. The topic is also known as: SQLI.


Papers
Posted Content
TL;DR: The proof of concept code combines techniques seen in the wild, in the form of SQL injections leading to cross-site scripting JavaScript inclusion, and seen in the laboratory, in the form of SQL quines propagated via RFIDs, resulting in a hybrid code injection.
Abstract: Delving into present trends and anticipating future malware trends, a hybrid, SQL on the server-side, JavaScript on the client-side, self-replicating worm based on two-stage quines was designed and implemented on an ad-hoc scenario instantiating a very common software pattern. The proof of concept code combines techniques seen in the wild, in the form of SQL injections leading to cross-site scripting JavaScript inclusion, and seen in the laboratory, in the form of SQL quines propagated via RFIDs, resulting in a hybrid code injection. General features of hybrid worms are also discussed.
01 Jan 2016
TL;DR: This paper proposes an automatic web vulnerability scanner which helps to locate the vulnerabilities using software fault injection techniques and are popular among developers of web application.
Abstract: Server Side attack occurs by injecting script in HTML pages and allows the exploitation of a web application. It can be exploited through the manipulation of SSI in use. Cross site scripting (XSS) is one of the major problems in any web application. Two of the most widely spread and dangerous vulnerabilities in web applications are SQL injection and cross site scripting (XSS) because of the damage they may cause to the victim. Faults that allow these attacks to succeed are quite widespread and can occur anywhere a web application uses. Web applications are developed with hard time constraints and are often deployed with security vulnerabilities. In this paper we propose an automatic web vulnerability scanner which helps us to locate the vulnerabilities using software fault injection techniques and are popular among developers of web application. The results are then compared by analyzing coverage of vulnerability detection and false positives. The scanning tools are evaluated and the results show that coverage is low and percentage of false positives is high.
Journal ArticleDOI
01 Dec 2013
TL;DR: This study constructed the feature space by using the property of the distribution of SQL injection attacks, and proposed an attack detection method, showing the importance of the construction of the feature space.
Abstract: SQL injection is a type of attack that inserts a malicious query via an input form on a web site. If an SQL injection attack is successful, there are threats of unauthorized access, information leaks or falsification of data for web applications driven by a database system. In conventional studies, a lot of prevention and detection methods using pattern matching, parsing or machine learning have been developed. However, it is easy to evade detection by modifying the strings of SQL injection attacks. Therefore, it is very important to investigate the essence of SQL injection attacks for preventing such evasion of detection. In this study, we constructed the feature space by using the property of the distribution of SQL injection attacks, and proposed an attack detection method. The result of this study shows the importance of the construction of the feature space.
Patent
19 Jul 2019
TL;DR: In this article, an SQL injection detection method and a data processing method are presented. The method is based on encoding a detection object according to an encoding table to obtain an encoding result, wherein the encoding table records a corresponding relationship between the character category and the code; and determining whether SQL injection exists in the detection object or not according to the coding result.
Abstract: The invention discloses an SQL injection detection method and a data processing method. The SQL injection detection method comprises the following steps: encoding a detection object according to an encoding table to obtain an encoding result, wherein the encoding table records a corresponding relationship between the character category and the code; and determining whether SQL injection exists in the detection object or not according to the coding result. According to the method and the device, quick detection of SQL injection is realized, the detection effect is improved, and the defense cost is reduced.

Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
77% related
Encryption
98.3K papers, 1.4M citations
76% related
Web page
50.3K papers, 975.1K citations
75% related
Software system
50.7K papers, 935K citations
75% related
Object (computer science)
106K papers, 1.3M citations
74% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    73
2022    165
2021    82
2020    109
2019    138