SQL infections through RFID

Sulaiman, Anthonius; Mukkamala, Srinivas; Sung, Andrew H.

doi:10.1007/s11416-007-0075-8

Cited by 13 publications

(4 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Microsoft Visual C++ programming system can automatically generate the procedural framework, with first-class management flexibility. [1] This system based on a simple personnel management information system of common enterprises, give full play to the amount of information stored in SQL database big advantage, combined with the powerful function of C++ language in programming, and developed the personnel information management system has its own characteristics. This design is mainly to achieve the following functions: staff information browsing, add and delete functions, query, sorting screening function, authority restriction function, salary calculation function.…”

Section: Programming Systemmentioning

confidence: 99%

Development and Application of Economic Management Information System of Enterprises Based on VC++ Technology

Yang

2014

AMM

View full text Add to dashboard Cite

With the constant expansion of Chinese enterprises, the enterprise’s personnel system becomes increasingly large, increasingly difficult to manage, for the information management has become increasingly important. Personnel information management is an important and delicate and complex, so to establish utility personnel information management system in order to maintain a stable business operation, reduce management investment, improve productivity, enhance IT management tools to improve the unit earnings. Further information management system applications conform to the current trend of the information society and shorten the cycle of social production. The personnel information management system is the use of C++ language as the development language, My SQL database as a backend database.

show abstract

Section: Programming Systemmentioning

confidence: 99%

Development and Application of Economic Management Information System of Enterprises Based on VC++ Technology

Yang

2014

AMM

View full text Add to dashboard Cite

show abstract

“…For example, in MS SQL Server, XP_CmdShell of the database will carry out a random instruction of the operating system [6].…”

Section: B Realizing the Sql Injection Attacks Throughmentioning

confidence: 99%

“…--", then following "WHERE Uid=%id" will be the annotation, and no longer be compiled [6]. This UPDATE sentence will affect each line in the field "Contents", realize their own duplication, and create the destruction to all of the original information of this field.…”

Section: Update Container Set Contents = '%S' Where Uid=%idmentioning

confidence: 99%

SQL Injections through Back-End of RFID System

Zhang

Wang

2009

2009 International Symposium on Computer Network and Multimedia Technology

View full text Add to dashboard Cite

Virus attacks have threaten the development and the use of electronic tags and RFID systems. Especially, the operating efficiency and the security of the information in the back-end of RFID system are significantly affected. In this paper, we summarized the ways of attacking the back-end of RFID system, which have been widespread concerned and advanced. The SQL injection attacks of Database-Based Components was elaborated and simulated. We thus proved the feasibility and potential disaster of viral attacks' in the RFID system.

show abstract

“…In our previous work [6], we also demonstrated such vulnerabilities in MS SQL system which the other paper fell short on. We showed how attackers can use SQL injection attacks in conjunction with RFID middleware to compromise the infrastructure [7]. SQL injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn't properly filter out dangerous characters.…”

Section: Related Workmentioning

confidence: 99%

Fragmented malware through RFID and its defenses

2008

Self Cite

View full text Add to dashboard Cite

Malware, in essence, is an infiltration to one's computer system. Malware is created to wreak havoc once it gets in through weakness in a computer's barricade. Antivirus companies and operating system companies are working to patch weakness in systems and to detect infiltrators. However, with the advance of fragmentation, detection might even prove to be more difficult. Malware detection relies on signatures to identify malware of certain shapes. With fragmentation, functionality and size can change depending on how many fragments are used and how the fragments are created. In this paper we present a robust malware detection technique, with emphasis on detecting fragmentation malware attacks in RFID systems that can be extended to detect complex obfuscated and mutated malware. After a particular fragmented malware has been first identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of similar types of malware in the future. Encouraging experimental results on a limited set of recent malware are presented.

show abstract

SQL infections through RFID

Cited by 13 publications

References 3 publications

Development and Application of Economic Management Information System of Enterprises Based on VC++ Technology

Development and Application of Economic Management Information System of Enterprises Based on VC++ Technology

SQL Injections through Back-End of RFID System

Fragmented malware through RFID and its defenses

Contact Info

Product

Resources

About