Other Open Access

A Study of Out-of-Band Structured Query Language Injection

Lee Chun How


JSON Export

{
  "files": [
    {
      "links": {
        "self": "https://zenodo.org/api/files/ba2aeda1-cd4f-4b7a-a815-cd0c6a06f414/A%20Study%20of%20Out-of-Band%20SQL%20Injection.pdf"
      }, 
      "checksum": "md5:2f004751ce1f6e718038f4b8b15cc092", 
      "bucket": "ba2aeda1-cd4f-4b7a-a815-cd0c6a06f414", 
      "key": "A Study of Out-of-Band SQL Injection.pdf", 
      "type": "pdf", 
      "size": 463570
    }
  ], 
  "owners": [
    84183
  ], 
  "doi": "10.5281/zenodo.3556347", 
  "stats": {
    "version_unique_downloads": 1081.0, 
    "unique_views": 374.0, 
    "views": 409.0, 
    "version_views": 415.0, 
    "unique_downloads": 1078.0, 
    "version_unique_views": 380.0, 
    "volume": 531714790.0, 
    "version_downloads": 1151.0, 
    "downloads": 1147.0, 
    "version_volume": 533569070.0
  }, 
  "links": {
    "doi": "https://doi.org/10.5281/zenodo.3556347", 
    "conceptdoi": "https://doi.org/10.5281/zenodo.3556346", 
    "bucket": "https://zenodo.org/api/files/ba2aeda1-cd4f-4b7a-a815-cd0c6a06f414", 
    "conceptbadge": "https://zenodo.org/badge/doi/10.5281/zenodo.3556346.svg", 
    "html": "https://zenodo.org/record/3556347", 
    "latest_html": "https://zenodo.org/record/3556347", 
    "badge": "https://zenodo.org/badge/doi/10.5281/zenodo.3556347.svg", 
    "latest": "https://zenodo.org/api/records/3556347"
  }, 
  "conceptdoi": "10.5281/zenodo.3556346", 
  "created": "2019-11-29T07:33:18.542759+00:00", 
  "updated": "2020-01-20T17:46:11.115463+00:00", 
  "conceptrecid": "3556346", 
  "revision": 3, 
  "id": 3556347, 
  "metadata": {
    "access_right_category": "success", 
    "doi": "10.5281/zenodo.3556347", 
    "description": "<p>Out-of-Band (OOB) Structured Query Language (SQL) Injection is an exploitation to exfiltrate data from database through different outbound channel. Common channel use by OOB SQL Injection for data exfiltration are through Domain Name Server (DNS) and HyperText Transfer Protocol (HTTP) channels. This type of SQL injection should address properly due to the impact is on the par with traditional methods. OOB SQL Injection impacts on database systems with insufficient of input validation control in place and allowed access to public, either DNS or HTTP protocol. Test cases and recommendation for remediation have been discussed in this paper in order to raise awareness of the exploitation.</p>", 
    "license": {
      "id": "CC-BY-4.0"
    }, 
    "title": "A Study of Out-of-Band Structured Query Language Injection", 
    "relations": {
      "version": [
        {
          "count": 1, 
          "index": 0, 
          "parent": {
            "pid_type": "recid", 
            "pid_value": "3556346"
          }, 
          "is_last": true, 
          "last_child": {
            "pid_type": "recid", 
            "pid_value": "3556347"
          }
        }
      ]
    }, 
    "keywords": [
      "SQL Injection", 
      "Out-of-Band", 
      "Input Validation", 
      "DNS", 
      "HTTP"
    ], 
    "publication_date": "2019-08-23", 
    "creators": [
      {
        "orcid": "0000-0002-5288-6136", 
        "name": "Lee Chun How"
      }
    ], 
    "access_right": "open", 
    "resource_type": {
      "subtype": "other", 
      "type": "publication", 
      "title": "Other"
    }, 
    "related_identifiers": [
      {
        "scheme": "doi", 
        "identifier": "10.5281/zenodo.3556346", 
        "relation": "isVersionOf"
      }
    ]
  }
}
415
1,151
views
downloads
All versions This version
Views 415409
Downloads 1,1511,147
Data volume 533.6 MB531.7 MB
Unique views 380374
Unique downloads 1,0811,078

Share

Cite as