Abstract
In 2007, the classification of the ten most critical vulnerabilities for the security of a system ranked code injection attacks second, behind XSS attacks. Code injection attacks are currently placed first in this ranking. In fact, the most critical attacks are those that combine XSS techniques to access systems with code injection techniques to access the information. The potential damage associated with this type of threat, the total absence of background, and the fact that the solution to mitigate this vulnerability must be implemented by system administrators and database vendors justify an in-depth analysis to estimate all the possible ways of implementing this attack technique.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alonso, C., Fernandez, M., Martín, A., Guzmán, A. (2010). Connection String Parameter Pollution Attacks. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16120-9_16
DOI: https://doi.org/10.1007/978-3-642-16120-9_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16119-3
Online ISBN: 978-3-642-16120-9
eBook Packages: Computer Science (R0)