Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company |
Oracle Error Trigger This page contains information how to use Oracle Error Trigger to catch SQL Injection attempts.What is an Error Trigger? Oracle offers the possibility to catch Oracle error messages. Some error messages normally only occur during SQL injetion attempt. The trigger will intercept and report all these attempts. ORA-00900: invalid SQL statement ORA-00906: missing left parenthesis ORA-00907: missing right parenthesis ORA-00911: invalid character (e.g. PHP MAGIC_QUOTES_GPC enabled) ORA-00917: missing comma ORA-00920: invalid relational operator ORA-00923: FROM keyword not found where expected ORA-00933: SQL command not properly terminated ORA-00970: missing WITH keyword ORA-01031: insufficient privileges (attempt of privilege escalation) ORA-01476: divisor is equal to zero (attempt blind sql injection with 1/0) ORA-01719: outer join operator not allowed in operand of OR or IN ORA-01722: invalid number (enumeration via rownum and current rownum does not exist) ORA-01742: comment not properly terminated (inline comment, e.g. optimizer hint, not properly terminated) ORA-01756: quoted not properly terminated (single quote not properly terminated) ORA-01789: query block has incorrect number of result columns (attempt to use UNION SELECT) ORA-01790: expression must have same datatype as corresponding (attempt to use UNION SELECT) ORA-24247: network access denied by access control list (ACL) ORA-29257: Host %S unknown (attempt to use utl_inaddr) ORA-29540: Class does not exist (attempt to utl_inaddr but java not installed)
Related Information © 2009 by Red-Database-Security GmbH - last update 23-jan-2009 |