Full Disclosure mailing list archives
Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection
From: n3td3v <xploitable () gmail com>
Date: Thu, 24 Apr 2008 21:32:43 +0100
On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield <davidl () ngssoftware com> wrote:
Hey all, I've just released some research that demonstrates a new class of vulnerability in Oracle and how it can be exploited by an attacker. You can grab the paper from here: http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/ http://www.davidlitchfield.com/blog
Thanks for waiting until Web Application Security Awareness Day, All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- A New Class of Vulnerability in Oracle: Lateral SQL Injection David Litchfield (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection n3td3v (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection Ureleet (Apr 24)
- Re: A New Class of Vulnerability in Oracle:Lateral SQL Injection Fish, Patrick O HEC (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection n3td3v (Apr 24)