Dangling Database Cursor ('Cursor Injection')
|ID: 619||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
If a database cursor is not closed properly, then it could
become accessible to other users while retaining the same privileges that were
originally assigned, leaving the cursor "dangling."
Extended Description
For example, an improper dangling cursor could arise from unhandled
exceptions. The impact of the issue depends on the cursor's role, but SQL
injection attacks are commonly possible.
Applicable Platforms
Language: SQL
Time Of Introduction
|Confidentiality, Integrity||Read application data|
|Implementation||Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur.|
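The mitigation above, shown as an added example that is not part of the original entry. It assumes Oracle PL/SQL with the DBMS_SQL package; the procedure names and the app_audit table are hypothetical.

```sql
-- Added example; assumes Oracle PL/SQL and the DBMS_SQL package.
-- purge_audit_leaky, purge_audit_safe and app_audit are hypothetical names.

-- Weak form: if PARSE, BIND_VARIABLE or EXECUTE raises, control leaves the
-- procedure before CLOSE_CURSOR runs. The cursor stays open in the session,
-- retaining the privileges it was originally assigned.
CREATE OR REPLACE PROCEDURE purge_audit_leaky (p_before IN DATE) AS
  c INTEGER;
  n INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'DELETE FROM app_audit WHERE logged_at < :cutoff',
                 DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':cutoff', p_before);
  n := DBMS_SQL.EXECUTE(c);
  DBMS_SQL.CLOSE_CURSOR(c);   -- skipped on any exception raised above
END;
/

-- Corrected form: the cursor is closed on the normal path and in the
-- exception handler, so no error path leaves it dangling.
CREATE OR REPLACE PROCEDURE purge_audit_safe (p_before IN DATE) AS
  c INTEGER;
  n INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'DELETE FROM app_audit WHERE logged_at < :cutoff',
                 DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':cutoff', p_before);
  n := DBMS_SQL.EXECUTE(c);
  DBMS_SQL.CLOSE_CURSOR(c);
EXCEPTION
  WHEN OTHERS THEN
    -- c is NULL if OPEN_CURSOR itself failed, and CLOSE_CURSOR sets it
    -- back to NULL, so check for NULL before asking whether it is open.
    IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
      DBMS_SQL.CLOSE_CURSOR(c);
    END IF;
    RAISE;  -- re-raise so the caller still sees the original failure
END;
/
```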
|CWE-619 ChildOf CWE-896||Category||CWE-888|
White Box Definitions None
Black Box Definitions None
- David Litchfield. The Oracle Hacker's Handbook.
- David Litchfield. Cursor Injection.