Difference between revisions of "ApEx:SQL injection"
(Added a references section, which includes two external links to videos demonstrating SQL injection into Oracle APEX applications given at KScope 2013.) |
Line 5: | Line 5: | ||
At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos: | At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos: | ||
− | * [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)] | + | * [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)] |
* [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)] | * [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)] |
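Review bot: both reference links in this hunk, the changed line for demonstration 1 and the unchanged line for demonstration 2, go through bit.ly short URLs, so a reader cannot see which host they resolve to before clicking, and the references are lost if the shortener entries expire. Suggest replacing http://bit.ly/14Ybo21 and http://bit.ly/137HDgm with the full destination URLs of the two videos.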
Latest revision as of 16:39, 11 September 2013
Don't use substitution variables (& syntax); use bind variables (: syntax) instead.
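The difference in APEX source, as an added example that is not part of the original wiki page. The page item P1_SEARCH, the EMP table and the local names l_sql, l_count and :search are assumptions made for illustration.

```sql
-- Constructed example: page item P1_SEARCH and table EMP are assumed names.

-- 1a. Report region source, vulnerable. APEX replaces &P1_SEARCH. with the
--     item's text before the statement is parsed, so the value becomes SQL.
select ename, job
  from emp
 where ename like '%&P1_SEARCH.%';

-- 1b. Same region with a bind variable: the statement text is fixed and the
--     item's value is passed to the database as data.
select ename, job
  from emp
 where ename like '%' || :P1_SEARCH || '%';

-- 2a. "PL/SQL Function Body returning SQL Query", vulnerable. The item is
--     read as a bind here, but its value is concatenated into the statement
--     text that APEX will parse afterwards.
declare
  l_sql varchar2(4000) := 'select ename, job from emp where 1 = 1';
begin
  if :P1_SEARCH is not null then
    l_sql := l_sql || ' and ename like ''%' || :P1_SEARCH || '%''';
  end if;
  return l_sql;
end;

-- 2b. Hardened: only the bind variable's NAME is written into the returned
--     text; APEX binds the value when it runs the query.
declare
  l_sql varchar2(4000) := 'select ename, job from emp where 1 = 1';
begin
  if :P1_SEARCH is not null then
    l_sql := l_sql || ' and ename like ''%'' || :P1_SEARCH || ''%''';
  end if;
  return l_sql;
end;

-- 3. Dynamic SQL in a page process: keep a placeholder in the statement
--    and supply the value through the USING clause.
declare
  l_count number;
begin
  execute immediate
    'select count(*) from emp where ename like ''%'' || :search || ''%'''
    into l_count
    using :P1_SEARCH;
end;
```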
References
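At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos:
* [1] [http://bit.ly/14Ybo21 APEX SQL Injection demonstration 1 (dynamic SQL and SQLMAP)]
* [2] [http://bit.ly/137HDgm APEX SQL Injection demonstration 2 (substitution variables and manual exploitation)]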