Oracle SQL Injection

Filed under: SQL injection — posted by Consultant on January 2, 2008 @ 1:10 pm

It’s been a long time. I wanted to share a nice link related to Oracle SQL injection. If you’re used to MSSQL/MySQL injection scenarios, then any time you run up against an Oracle server you’ll feel something’s wrong, something’s different.

For instance, string concatenation is different: no longer %2B’s (the URL-encoded + character) but rather %7C’s (URL-encoded pipe characters, since Oracle concatenates strings with ||).
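From the logging side, that difference is visible in request parameters. The following is an added example, not part of the original post: it decodes query strings and flags a quote sitting next to a concatenation operator, labelling the dialect. The log format (`METHOD URL`), the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A quote adjacent to a concatenation operator is the pattern of interest.
# After URL decoding, %7C%7C becomes || (Oracle) and %2B becomes + (MSSQL).
# A raw "+" in a query string decodes to a space, so it is never flagged.
ORACLE_CONCAT = re.compile(r"'\s*\|\||\|\|\s*'")
MSSQL_CONCAT = re.compile(r"'\s*\+|\+\s*'")

def classify_request(url):
    """Return a list of (parameter, dialect) findings for one request URL."""
    findings = []
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if ORACLE_CONCAT.search(value):
            findings.append((name, "oracle-style ||"))
        if MSSQL_CONCAT.search(value):
            findings.append((name, "mssql-style +"))
    return findings

def scan(log_lines):
    """Scan 'METHOD URL' lines and return {line_number: findings}."""
    results = {}
    for line_no, line in enumerate(log_lines, start=1):
        parts = line.split()
        if len(parts) < 2:
            continue  # not a request line in the assumed format
        findings = classify_request(parts[1])
        if findings:
            results[line_no] = findings
    return results

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "GET /search?q=blue+shoes&page=2",   # benign: + decodes to a space
    "GET /item?name=widget'%7C%7C'x",    # quote next to || (Oracle style)
    "GET /item?name=widget'%2B'x",       # quote next to +  (MSSQL style)
    "GET /calc?expr=a%7C%7Cb",           # || with no quote: not flagged
]

if __name__ == "__main__":
    for line_no, findings in scan(SAMPLE_LOG).items():
        print(line_no, findings)
```

A hit only indicates that someone is probing string handling; the fix on the application side remains bind variables rather than building SQL from request input.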

Take a look at the following site; it’s the “ORACLE SQL Injection Cheat Sheet”:

http://ferruh.mavituna.com/makale/oracle-sql-injection-cheat-sheet/

Have fun.
