Publication Details

Kompromitace dat pomocí SQL Injection, část II.

ANTAL, L.; BARABAS, M.; HANÁČEK, P. Kompromitace dat pomocí SQL Injection, část II. DSM Data Security Management, 2014, roč. 18, č. 2, s. 32-35. ISSN: 1211-8737.
English title
Data compromise by SQL Injection, part II.
Type
journal article
Language
Czech
Authors
Antal Lukáš, Ing.
Barabas Maroš, Ing., Ph.D.
Hanáček Petr, doc. Dr. Ing. (DITS)
Keywords

attack, compromise, injection, OWASP, SQL, validation, web

Abstract

In previous work we described the classic SQL Injection exploits used for theft or modification of database data. After discovery of SQL injection in application, the goals of attacker do not have to stay only in database. The attacker can try with SQL Injection to read files on the local disk and even write to the disk, it may carry out an attack through XSS (Cross Site Scripting) and scan ports on the internal network.

Published
2014
Pages
32–35
Journal
DSM Data Security Management, vol. 18, no. 2, ISSN 1211-8737
BibTeX 
@article{BUT111617,
  author="Lukáš {Antal} and Maroš {Barabas} and Petr {Hanáček}",
  title="Kompromitace dat pomocí SQL Injection, část II.",
  journal="DSM Data Security Management",
  year="2014",
  volume="18",
  number="2",
  pages="32--35",
  issn="1211-8737",
  url="https://www.fit.vut.cz/research/publication/10667/"
}
Back to top