Oracle Error Trigger
This page contains information on how to use an Oracle error trigger to catch SQL injection attempts.
What is an Error Trigger?
Oracle offers the possibility to catch Oracle error messages. Some error messages, listed below, normally occur only during SQL injection attempts. The trigger will intercept and report all these attempts.
ORA-00900: invalid SQL statement
ORA-00906: missing left parenthesis
ORA-00907: missing right parenthesis
ORA-00911: invalid character (e.g. PHP MAGIC_QUOTES_GPC enabled)
ORA-00917: missing comma
ORA-00920: invalid relational operator
ORA-00923: FROM keyword not found where expected
ORA-00933: SQL command not properly terminated
ORA-00970: missing WITH keyword
ORA-01031: insufficient privileges (attempted privilege escalation)
ORA-01476: divisor is equal to zero (attempted blind SQL injection with 1/0)
ORA-01719: outer join operator not allowed in operand of OR or IN
ORA-01722: invalid number (enumeration via rownum and current rownum does not exist)
ORA-01742: comment not properly terminated (inline comment, e.g. optimizer hint, not properly terminated)
ORA-01756: quoted string not properly terminated (single quote not properly terminated)
ORA-01789: query block has incorrect number of result columns (attempt to use UNION SELECT)
ORA-01790: expression must have same datatype as corresponding expression (attempt to use UNION SELECT)
ORA-24247: network access denied by access control list (ACL)
ORA-29257: Host %S unknown (attempt to use utl_inaddr)
ORA-29540: Class does not exist (attempt to use utl_inaddr, but Java is not installed)
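
One way to build such a trigger, as an added example that is not code from the original page: an AFTER SERVERERROR trigger that logs any of the errors listed above together with the session details and the failing statement. The table name sqli_error_log, the trigger name trg_sqli_error_log and the column layout are assumptions.

```sql
-- Added example, not from the original page. All object names are assumptions.
-- Creating a database-level trigger requires the ADMINISTER DATABASE TRIGGER privilege.
CREATE TABLE sqli_error_log (
  logged_at   TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(128),
  client_host VARCHAR2(256),
  client_ip   VARCHAR2(64),
  module      VARCHAR2(128),
  error_code  NUMBER,
  sql_text    CLOB
);

CREATE OR REPLACE TRIGGER trg_sqli_error_log
AFTER SERVERERROR ON DATABASE
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;  -- the log row survives the caller's rollback
  -- Error numbers taken from the list above.
  c_codes CONSTANT sys.odcinumberlist := sys.odcinumberlist(
    900, 906, 907, 911, 917, 920, 923, 933, 970, 1031, 1476, 1719,
    1722, 1742, 1756, 1789, 1790, 24247, 29257, 29540);
  v_pieces ora_name_list_t;
  v_count  PLS_INTEGER;
  v_sql    CLOB;
BEGIN
  FOR i IN 1 .. c_codes.COUNT LOOP
    IF ora_is_servererror(c_codes(i)) THEN
      -- ora_sql_txt returns the failing statement in chunks; it can return NULL.
      v_count := ora_sql_txt(v_pieces);
      FOR j IN 1 .. NVL(v_count, 0) LOOP
        v_sql := v_sql || v_pieces(j);
      END LOOP;
      INSERT INTO sqli_error_log
        (db_user, os_user, client_host, client_ip, module, error_code, sql_text)
      VALUES
        (ora_login_user, SYS_CONTEXT('USERENV', 'OS_USER'),
         SYS_CONTEXT('USERENV', 'HOST'), SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
         SYS_CONTEXT('USERENV', 'MODULE'), c_codes(i), v_sql);
      COMMIT;
      EXIT;  -- one log row per failed statement
    END IF;
  END LOOP;
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK;  -- a logging failure must never break the client session
END;
/
```

Developers and DBAs typing ad hoc SQL raise the same errors, so review the log by db_user and module to separate application sessions from interactive ones.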
© 2009 by Red-Database-Security GmbH - last update 23-jan-2009