Publication Details
Kompromitace dat pomocí SQL Injection, část III.
ANTAL Lukáš, BARABAS Maroš and HANÁČEK Petr. Kompromitace dat pomocí SQL Injection, část III. DSM Data Security Management, vol. 18, no. 3, 2014, pp. 25-29. ISSN 1211-8737.
English title
Data compromise by SQL Injection, part III.
Type
journal article
Language
czech
Authors
Antal Lukáš, Ing. (DITS FIT BUT)
Barabas Maroš, Ing., Ph.D. (DITS FIT BUT)
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT)
Barabas Maroš, Ing., Ph.D. (DITS FIT BUT)
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT)
Keywords
attack, compromise, injection, OWASP, SQL, validation, web
Abstract
In previous parts of this series it was described the possibility of abuse SQL Injection vulnerability to retrieve data from a database, reading local files from the disk and writing, invoking XSS and port scanning. In this final episode it will be shown that the SQL Injection implies even more serious risk than any previously described, and that is the possibility of compromise of the operating system level. In conclusion, the article will be also discuss possibilities of defense against this vulnerability.
Published
2014
Pages
25-29
Journal
DSM Data Security Management, vol. 18, no. 3, ISSN 1211-8737
BibTeX
@ARTICLE{FITPUB10732, author = "Luk\'{a}\v{s} Antal and Maro\v{s} Barabas and Petr Han\'{a}\v{c}ek", title = "Kompromitace dat pomoc\'{i} SQL Injection, \v{c}\'{a}st III.", pages = "25--29", journal = "DSM Data Security Management", volume = 18, number = 3, year = 2014, ISSN = "1211-8737", language = "czech", url = "https://www.fit.vut.cz/research/publication/10732" }