SQLSnoop Attack Exploits Database System Views to Intercept Plaintext Passwords Before Hashing
By
HackMoN Ai
Summary
This article details a SQL injection attack technique called "SQLSnoop" that exploits database system views (Oracle's v$sql and PostgreSQL's pg_stat_activity) to capture plaintext passwords even when they are hashed within SQL queries. The attack requires VIEW SERVER STATE permission and works by injecting a loop with DBMS_LOCK.SLEEP to monitor active SQL statements containing password hashing functions like STANDARD_HASH, allowing attackers to intercept the plaintext password before it gets hashed. The article discusses mitigation strategies including revoking unnecessary permissions and restricting access to system views.
Source
bskySQLSnoop Attack Exploits Database System Views to Intercept Plaintext Passwords Before Hashingundercodetesting.comKey quotes
· 3 pulledRequires `VIEW SERVER STATE` permission. However, many legacy applications grant this to the web app user.
Both Oracle and PostgreSQL expose active SQL through system views, making them vulnerable.
Oracle's `v$sql` retains completed queries for a short duration, while PostgreSQL's `pg_stat_activity` shows currently running statements.
You might also wanna read

WAF - WAF Release - 2026-06-15

WAF - WAF Release - 2026-06-09

WAF - WAF Release - 2025-07-14
Common SQL Anti-Patterns That Impact Performance and Maintainability
This article discusses common SQL anti-patterns that negatively impact query performance and maintainability in enterprise software environm

WAF - WAF Release - 2025-10-06


Comments
Sign in to join the conversation.
No comments yet. Be the first.