• Home
  • Introduction
    • What Is SQL Injection
    • SQL Injection Risks
  • Attacks
    • Basics
    • Test
      • SQL Injection Detection
      • Identify Data Entries
      • Determining Query Structure
      • Anomalies
    • Techniques
    • Extract Information
    • Blind
  • Advanced
    • Stored Procedures Attacks
    • SQL Injection Tools
    • Uncategorized Notes
  • Defense
    • Code Level Defense
  • Resources
    • Simulation Environment
  • About
    • About Us
    • Contact Us
Logo SQL Injection

  • GET THE BOOK!

  • Recent Articles

    • Time-Based Blind SQL Injection using Heavy Query
    • Estimating MySQL Table Size using SQL Injection
    • Time-Based Blind SQL Injection Attacks
    • Analysing Server Response and Page Source
    • Database Fingerprinting for SQL Injection

Archive of Defense Dynamic Cursors Execute sp_executesql Stored Procedure

  • Secure Stored Procedure

    Secure Stored Procedure

    Posted in Stored Procedures Defense

    Prevent SQL injection attacks against stored procedures. As explained in the article about SQL injection attacks against stored procedures, it is possible to create procedures vulnerable to SQLIA. This article details how you can secure your code against SQL injections. As recommended in...

    Continue reading this entry →
  • Stored Procedure Attacks

    Stored Procedure Attacks

    Posted in Procedures

    Understand SQL injection attacks against stored procedures and functions. It is often believed that stored procedures are not vulnerable to SQL injection attacks, but the reality is totally different. In fact, stored procedures and PL/SQL can be vulnerable to SQLIA. This article covers the different situations...

    Continue reading this entry →
  • Secure PL/SQL

    Secure PL/SQL

    Posted in Stored Procedures Defense

    Prevent SQL injection attacks against PL/SQL. As explained in the article about SQL injection attacks against PL/SQL, it is possible to create procedures vulnerable to SQLIA. This article details how you can secure PL/SQL code against SQL injections by making only...

    Continue reading this entry →
  • PL/SQL Attacks

    PL/SQL Attacks

    Posted in PL/SQL

    Understand SQL injection attacks against PL/SQL. PL/SQL, like stored procedures, can be vulnerable to SQL injection attacks. When PL/SQL code integrates user input into a query and executes it, we encounter exactly the same problem we have when we build a classic dynamic query. In...

    Continue reading this entry →
  • Stacked Queries

    Stacked Queries

    Posted in SQL Injection Techniques

    Execute multiple statements in the same query to extend the possibilities of SQL injections. Stacked queries provide a lot of control to the attacker. By terminating the original query and adding a new one, it will be possible to modify data and call stored procedures. This technique is massively used in SQL injection attacks...

    Continue reading this entry →

  • About

    Sqlinjection.net was developed to provide information about SQL injection to students, IT professionals and computer security enthusiasts. It intends to be a reference about this security flaw.

    Read more

  • Main Sections

    • Introduction to SQL Injection
    • SQL injection Tutorial
    • Advanced SQL Injection
    • Securing Against SQL Injection
    • Resources for SQL Injection

  • Disclamer

    This website and/or it's owner is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to sqlinjection.net.
  • Sqlinjection.net Logo
Copyright 2020 SQLINJECTION.NET - All rights reserved. Copyright  ·  Disclaimer  ·  Terms of Use  ·  Privacy Policy  ·  Back to Top ↑