WebApp Sec mailing list archives
Re: PL/SQL web application
From: "Kevin Spett" <kspett () spidynamics com>
Date: Tue, 28 Jan 2003 10:38:38 -0500
Try requesting /_admin/ after the PL/SQL mapping. This is the default administration application location. NGS Software has a good paper on Oracle tricks that would probably interest you. Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "naka" <naka () vv-security com> To: <webappsec () securityfocus com> Sent: Tuesday, January 28, 2003 9:08 AM Subject: PL/SQL web application
Hello, I'm now auditing web application that is written in PL/SQL(OAS). That application does not sanitize any inputs from clients. So I think that application has some serious vulnerabilities. Anyone have any informations about PL/SQL specific web vulnerability? -- naka <naka () vv-security com>
Current thread:
- PL/SQL web application naka (Jan 28)
- Re: PL/SQL web application Kevin Spett (Jan 28)
- Re: PL/SQL web application naka (Jan 28)
- Re: PL/SQL web application Kevin Spett (Jan 28)