New technique threatens databases.
Edited by Zeid Nasser Database security expert David Litchfield has
published details of a new type of database attack technique. Lateral
SQL injection creates a means for hackers to access database data or
inject hostile code onto vulnerable systems. Exploitation is difficult
and only possible in limited circumstances, Litchfield notes.
Nonetheless, the discovery of the approach - a variant on earlier attack
methods - means that database admins can no longer consider DATE or
NUMBER data types safe from attack. Lateral SQL injection is a variant
of SQL injection attacks, one of the most common methods for attacking
database systems. SQL injection attacks involve attempts by hackers to
trick database servers into running SQL commands, typically after
crackers use vulnerabilities to inject character strings onto databases.
Lateral SQL injections are a variant of the theme that use other forms
of data - DATE and NUMBER data types. These attacks relate to Procedural
Language/SQL programming language used by Oracle developers, and
involves the possible development of exploits that involve hostile DATE
or even NUMBER data types instead of user input. A*New technique
2003 Jordan Press & publishing Co. All rights reserved.
Provided by Syndigate.info an Albawaba.com company