论文信息 - Textual Manipulation for SQL Injection Attacks

Textual Manipulation for SQL Injection Attacks

Abstrac—SQL injection attacks try to use string or text manipulations to access illegally websites and their databases. This is since using some symbols or characters in SQL statements may trick the authentication system to incorrectly allow such SQL statements to be processed or executed. In this paper, we highlighted several examples of such text manipulations that can be successfully used in SQL injection attacks. We evaluated the usage of those strings on several websites and web pages using SNORT open source. We also conducted an extensive comparison study of some relevant papers.

Izzat Alsmadi | Mohammad A. Al-Jarrah | Hussein AlNabulsi

[1] Izzat Alsmadi,et al. Efficient Assessment and Evaluation for Websites Vulnerabilities Using SNORT , 2013 .

[2] Uwe Aickelin,et al. Rule generalisation in intrusion detection systems using SNORT , 2007, Int. J. Electron. Secur. Digit. Forensics.

[3] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .