General Information

SQL Filter Injection

Variants:
Direct Persistent Session 

Also Known As:
SQL Rowset Injection

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP.Net, Mono

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping, Database Access

Invented In:
30/09/2006

Added In:
07/12/2014


Vector Operation Method:
Malicious inputs can affect the structure of code-level SQL row filters


Direct Variant:

SQL Filter Injection

Variant Title:
SQL Filter Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Persistent Variant:

Stored SQL Filter Injection

Also Known As:
Persistent SQL Filter Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Session Variant:

SQL Filter Injection via Session Puzzling

Also Known As:
Session SQL Filter Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More: