Bugtraq mailing list archives
Re: Oracle WebDb engine brain-damagse
From: "sporty o'one" <sporty () SPORTY ORG>
Date: Fri, 22 Dec 2000 10:50:15 +0000
On Wed, 20 Dec 2000, McAllister, Andrew wrote:This is not to say that you can't issue some dangerous commands as you suggest, just that you won't see any data as a result. Also, I believe that only data manipulation commands will work in this context e.g. delete, update, insert. I don't believe definition commands will work, e.g. drop, create. Again I don't have WebDB, so I cannot verify.I believe you can do at least one of these possibilities: - SELECT <pattern> INTO <sth> FROM <table> to move sensitive data from some private table to publicly available tables used eg. for direct contents rendering,
Just to aggravate the scratch, SELECT table_name FROM user_tables
- call WebDB output procedures to produce output (you can use full PL/SQL language syntax, including loops, declarations etc).
i think the plsql is dbms_output or something. point being you can do plsql with cursors and get what you want =)
Current thread:
- Oracle WebDb engine brain-damagse Michal Zalewski (Dec 20)
- <Possible follow-ups>
- Re: Oracle WebDb engine brain-damagse Michal Zalewski (Dec 20)
- Re: Oracle WebDb engine brain-damagse McAllister, Andrew (Dec 20)
- Re: Oracle WebDb engine brain-damagse Michal Zalewski (Dec 22)
- Re: Oracle WebDb engine brain-damagse sporty o'one (Dec 22)
- Re: Oracle WebDb engine brain-damagse Michal Zalewski (Dec 22)
- Re: Oracle WebDb engine brain-damagse Michal Zalewski (Dec 22)
- Re: Oracle WebDb engine brain-damagse Kuznetsov, Vasily (Dec 21)