SQLi vulnerabilty in education sector websites of Bangladesh

Alam, Delwar; Bhuiyan, Touhid; Kabir, Alamgir; Farah, Tanjila

doi:10.1109/infosec.2015.7435521

Cited by 10 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Error based injection is attempted when basic inject is unable to retrieve all the data. Error based injection is usually attempted when the "union" query fails in normal SQLi [9]. "Union" query retrieves the vulnerable columns in the database.…”

Section: B Error Baeed Sqlimentioning

confidence: 99%

“…When error based injection vulnerability is identified by but the injection steps fail to return output, double query injection is attempted [9]. Double query injection works with similar principal as the error based injection.…”

Section: Error Based Double Query Injectionmentioning

confidence: 99%

“…Blind injection never returns data directly such as other SQLi techniques [9]. In Blind inject data is retrieved one letter at a time.…”

Section: F Blind Injectionmentioning

confidence: 99%

“…TRUE and TRUE implies true in Boolean. 2) Injection Query: If both true and false condition return results accordingly then the possibility of existence of blind injection is confirmed [9]. The next step is to extract other information such as: database version, database name, table name, column name, and data.…”

Section: F Blind Injectionmentioning

confidence: 99%

See 3 more Smart Citations

Evaluating the Readiness of Cyber Resilient Bangladesh

Bhuiyan¹,

Alam²,

Farah³

2015

JITST

Self Cite

View full text Add to dashboard Cite

show abstract

Section: B Error Baeed Sqlimentioning

confidence: 99%

Section: Error Based Double Query Injectionmentioning

confidence: 99%

“…Blind injection never returns data directly such as other SQLi techniques [9]. In Blind inject data is retrieved one letter at a time.…”

Section: F Blind Injectionmentioning

confidence: 99%

Section: F Blind Injectionmentioning

confidence: 99%

See 2 more Smart Citations

Evaluating the Readiness of Cyber Resilient Bangladesh

Bhuiyan¹,

Alam²,

Farah³

2015

JITST

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this paper, the authors discuss websites with improper input validation. Improper input validation is responsible for various types of web application-based attacks such as Cross Site Request Forgery (CSRF) [29], Cross Site Scripting (XSS) [30], Structured Query Language (SQLi) [31], [37] Local File Inclusion [32], [33], Broken Authentications [34], Session Management [35], and Local File Discloser [36]. The authors test SQLi-based attacks to measure the severity of improper input validation of some targeted websites.…”

Section: Introductionmentioning

confidence: 99%

A Study of Ajax Template Injection in Web Applications

Noyon¹,

Abid²,

Hassan³

et al. 2018

IJET

View full text Add to dashboard Cite

Cyber-attacks are becoming increasingly frequent, causing a lot of damage. Cyber-attacks have crippled our economic infrastructure both directly and indirectly. Attackers steal our valuable data by compromising web application security loopholes. Developers can prevent cyber-attacks using latest web technologies. Since web technologies are becoming more secure, cyber attackers are getting more incursive to find out the zero day vulnerability of the targeted system to breach the security. Nowadays most damaging attacks are done using zero-day vulnerability. An Ajax template injection is such an attack: An unauthenticated attacker dumps database table credentials by intercepting server response. Owing to the damage caused by an Ajax template injection, it can be counted among the OWASP top ten web application vulnerabilities in the near future. This paper discusses the idea of an Ajax template injection and its impact on Ajaxbased web applications. This paper also provides statistical data about the percentage of Ajax-based web application vulnerabilities in Bangladesh.

show abstract