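Abstract
With the rapid development of computer networks, attacks that target the back-end databases of Web applications have become an important means for attackers to steal information illegally. At the same time, Oracle Database, one of the most mature relational databases in the world, is widely used in critical fields such as finance, so attacks of all kinds against systems that use Oracle as their back-end data store are especially common.
As a typical representative of large database systems, Oracle Database is the most widely deployed database in large networked systems and has become a top-priority target for attackers. For this reason, research on attack and defense techniques for Oracle Database is an important topic in safeguarding network information security.
This project mainly studies SQL injection methods against Oracle databases, cursor-class injection privilege-escalation techniques and their defenses, and injection attacks that exploit Oracle privilege-escalation vulnerabilities. It examines in depth the commonly used Oracle privilege-escalation attack techniques and the corresponding defense methods. It analyzes two techniques for escalating privileges through cursors: the cursor Snarf privilege-escalation technique and the cursor injection privilege-escalation technique. It then summarizes two attack paths used by this class of techniques.
Keywords: Oracle; database; vulnerability; security; privilege escalation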
Abstract
With the rapid development of computer networks, attacks on the back-end databases of Web applications have become an important means for attackers to steal information illegally. Meanwhile, Oracle Database, one of the most mature relational databases in the world, is widely used in important fields such as finance, so attacks of all kinds on systems that use Oracle as their back-end data system are especially common.
As a typical representative of large database systems, Oracle Database is the most widely used database in large network systems and has become a primary target for attackers. Because of this, research on attack and defense techniques for Oracle Database is an important subject in ensuring network information security.
The main research objects of this project are SQL injection methods against Oracle databases, cursor-class injection privilege-escalation techniques and their defenses, and injection attacks that exploit Oracle privilege-escalation vulnerabilities. The commonly used Oracle privilege-escalation attack techniques and their corresponding defense methods are studied in depth. Two techniques for escalating privileges through cursors are analyzed: the cursor Snarf privilege-escalation technique and the cursor injection privilege-escalation technique. Two attack paths used by this class of techniques are summarized.
Keywords: Oracle; database; vulnerability; security; privilege escalation