
Security_Study

Oracle SQL Injection Guides and Whitepapers


Introduction

SQL injection is a hot topic, as always. I have been explaining SQL injections with examples in my series of interesting SQL injection attacks, but this time I have gathered some resources on Oracle SQL injection which can be handy for both penetration testers and developers alike.

Oracle SQL Injection Guides and Whitepapers

Oracle SQL Injection for Oracle Developers:- This paper is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks. It will also help penetration testers get their hands dirty with Oracle apps. Written by Stephen Kost from Integrigy Corporation.

 

Exploiting SQL Injection In Oracle 11g Database:- This paper explains exploiting PL/SQL injection with only CREATE SESSION privileges in Oracle 11g. Written by David Litchfield from Next Generation Security Software Ltd.

 

Hacking Oracle Based Web Applications:- This paper explains hacking Oracle-based web applications using SQL injection, understanding Oracle protective mechanisms, and bypassing privileges. Written by Sumit “sid” Siddharth from 7Safe Limited UK.

 

Hacking And Protecting Oracle Databases:- This is a very detailed paper on hacking and protecting Oracle databases. It discusses in detail the Oracle security posture, privileges and filters, with in-depth coverage of how they work and how they can be bypassed. This guide is beneficial for developers and penetration testers alike. Written by Esteban Martínez Fayó from Argeniss.

 

Oracle SQL Injection Explained With Examples:- This paper is well written because it explains all aspects of Oracle SQL injection, from finding one in a web application through to exploitation. It also explains blind SQL injection in Oracle and discusses some advanced exploitation techniques. Written by Rob David from Sentrigo.

 

SQL Injection Protection And Exploitation In Popular Databases:- This detailed paper explains the security and vulnerabilities in popular databases, including Oracle, Microsoft SQL Server, Sybase and IBM DB2. By Application Security Inc.

 

Hacking And Defending Databases:- A walkthrough of the exploitation of popular DBMSs: Oracle, Microsoft SQL Server, Sybase and IBM DB2. Great visual aids are available, where actual exploitation is shown on systems having different levels of privileges. A good read for penetration testers, although it's not a research paper or white paper; it's more of a presentation. Written by Alexander Rothacker from Application Security Inc.

SQL injection Series

  1. Column Truncation SQL injection Vulnerability
  2. Second Order SQL injection explained with example
  3. Referer Header Based Blind SQL Injection Explained With Example