Difference between revisions of "ApEx:SQL injection"

From OWASP
Jump to: navigation, search
(New page: Dont use substitution variables & but bind variables :)
 
(Added a references section, which includes two external links to videos demonstrating SQL injection into Oracle APEX applications given at KScope 2013.)
Line 1: Line 1:
 +
Don't use substitution variables & but bind variables :
  
 +
== References ==
  
 +
At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos:
  
Dont use substitution variables & but bind variables :
+
* [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)]<br>
 +
* [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)]

Revision as of 09:24, 11 September 2013

Don't use substitution variables & but bind variables :

References

At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos: