Oracle SQL Injection

Filed under: SQL injection — posted by Consultant on January 2, 2008 @ 1:10 pm

It’s been a long time. I wanted to share a nice link related to ORACLE SQL Injection. If you’re used to MSSQL/MySQL injection scenarios then anytime you run against an ORACLE server you’ll feel something’s wrong, something’s different.

For instance, string concatenation is different. Oracle concatenates with the || operator, so it is no longer %2B’s (the + character) in the request but rather %7C’s (pipe characters).
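From the defender's side, the same difference means a filter or log query that only looks for a quote next to %2B will not see the pipe form. The following is an added example, not part of the original post: a small Python check that decodes query parameters (including double encoding) and reports which concatenation operator sits next to a single quote. The function names, rule labels and sample request targets are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A single quote directly beside a concatenation operator (whitespace allowed).
# Labels are assumptions for this example, not names from any product.
CONCAT_RULES = {
    "double pipe (||)": re.compile(r"'\s*\|\||\|\|\s*'"),
    "plus (+)": re.compile(r"'\s*\+|\+\s*'"),
}

def fully_decode(value, max_rounds=3):
    """Undo extra layers of percent-encoding such as %257C -> %7C -> |."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def concat_findings(request_target):
    """Return (parameter, operator label) pairs for suspicious values."""
    findings = []
    query = urlsplit(request_target).query
    # parse_qsl performs the first decoding pass; a raw '+' becomes a space,
    # which is why a literal plus only arrives as %2B.
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        for label, rule in CONCAT_RULES.items():
            if rule.search(value):
                findings.append((name, label))
    return findings

# Constructed request targets, as they might appear in an access log.
SAMPLES = [
    "/search?q=foo%27%7C%7C%27bar",          # quote + pipes
    "/search?q=foo%27%2B%27bar",             # quote + plus
    "/search?q=foo%2527%257C%257C%2527bar",  # pipes, double encoded
    "/search?q=C%2B%2B+books",               # benign: plus without a quote
    "/search?q=a+%7C%7C+b",                  # benign: pipes without a quote
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", concat_findings(target) or "clean")
```
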

Take a look at the following site; it’s the “ORACLE SQL Injection Cheat Sheet”:

http://ferruh.mavituna.com/makale/oracle-sql-injection-cheat-sheet/

Have fun.


