首页>
外国专利>
Indicating SQL injection attack vulnerability with a stored value
Indicating SQL injection attack vulnerability with a stored value
展开▼
机译:指示具有存储值的SQL注入攻击漏洞
展开▼
页面导航
摘要
著录项
相似文献
摘要
A web application receives a user input with a SQL injection attack string that references a function. The application generates a corresponding statement based on the user input string, which the application sends to a database server. Upon receiving the statement, the database server executes the statement that invokes the referenced function. When invoked, the referenced function stores a value. The presence of the stored value indicates that the database server invoked the function. Storing the value indicative of the function invocation identifies a vulnerability of the web application to SQL injection attacks, since the function reference is introduced solely through user input and function invocation is not intended by the application. This provides proof of SQL injection vulnerability of the application.
展开▼