Full Disclosure mailing list archives
Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection
From: Ureleet <ureleet () gmail com>
Date: Thu, 24 Apr 2008 17:30:16 -0400
so did u or didnt u cancel it? please make up ur mind so we know whether to post anything on may 1 or not. i support the "take a day off from fd" day on may 1. On Thu, Apr 24, 2008 at 4:32 PM, n3td3v <xploitable () gmail com> wrote:
On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield <davidl () ngssoftware com> wrote:Hey all, I've just released some research that demonstrates a new class of vulnerability in Oracle and how it can be exploited by an attacker. Youcangrab the paper from here: http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/ http://www.davidlitchfield.com/blogThanks for waiting until Web Application Security Awareness Day, All the best, n3td3v
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- A New Class of Vulnerability in Oracle: Lateral SQL Injection David Litchfield (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection n3td3v (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection Ureleet (Apr 24)
- Re: A New Class of Vulnerability in Oracle:Lateral SQL Injection Fish, Patrick O HEC (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection n3td3v (Apr 24)