Research Output
An investigation into PL/SQL Injection.
  SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.

  • Publication Status:


  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005.4 Systems programming and programs


Paterson, R. & Leimich, P. (2012). An investigation into PL/SQL Injection. ISBN 978-0-947649-97-5



Oracle; PL/SQL; SQL Injection; Database Security; Code Injection;

Monthly Views:

Available Documents