1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

HQL Injection

Variants:
Direct Persistent Session 

Also Known As:
ORM Injection

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping, Database Access

Invented In:
30/09/2006

Added In:
07/12/2014


Vector Operation Method:
Malicious inputs can affect the structure of HQL queries


Direct Variant:

HQL Injection

Variant Title:
HQL Injection

Typical Severity:
Major

Resources:

CWE

CAPEC

Vulnerapedia

OWASP Attacks

OWASP Testing Guide

White Papers:

Learn More:



Persistent Variant:

Stored HQL Injection

Also Known As:
Persistent HQL Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

HQL Injection via Session Puzzling

Also Known As:
Session HQL Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:




TECAPI ©

Join