First Order Attack
The attacker can simply enter a malicious string and cause the modified code to be executed immediately.
Second Order Attack
The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity.
A second order SQl injection succeeds primarily because the application developeer assumes that the data can be trusted by default when it comes from what he thinks is a reliable source.
In this demonstration, and audit trigger tracks table creations. Because of a SQL injection vulnerability in the trigger, and attacker is able to create a table with malicious string embedded in the table name.
Lateral Injection
The attacker can manipulate the implicit function To_Char() by changing the values of the environment variables, NLS_Date_Format or NLS_Numeric_Characters.
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_attacks.htm
The attacker can simply enter a malicious string and cause the modified code to be executed immediately.
Second Order Attack
The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity.
A second order SQl injection succeeds primarily because the application developeer assumes that the data can be trusted by default when it comes from what he thinks is a reliable source.
In this demonstration, and audit trigger tracks table creations. Because of a SQL injection vulnerability in the trigger, and attacker is able to create a table with malicious string embedded in the table name.
Lateral Injection
The attacker can manipulate the implicit function To_Char() by changing the values of the environment variables, NLS_Date_Format or NLS_Numeric_Characters.
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_attacks.htm
No comments:
Post a Comment