There is a crash when using dynamic SQL with sql_variant parameters on the second execution of the dynamic SQL in a batch: exec sp_executesql N'select @P union select @P', N'@P sql_variant', 1; exec ...
Abstract: SQL injection attacks are one of the most serious security vulnerabilities in Web application systems; most of these vulnerabilities are caused by lack of input validation and SQL parameters ...
A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site ...
Encountered a problem using MyBatis dynamic SQL. The MyBatis interceptor I wrote couldn't obtain the parameters for value passing for data filling, and the invoice.getArgs()[1] parameter layer ...
Abstract: In a recent work [1], we present an extended and enhanced gray-box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. It proposes novel attack ...