New form of sql injection hack documented
Date: Fri, 25 Apr 2008 10:07:39 -0400
FYI yesterday, david litchfield released a paper describing how a sql injection attack could be done on a pl/sql routine that does dynamic statement creation, even if the routine has no parameters and no user interaction.
it's an interesting read.
Matt Adams - GE Consumer and Industrial
It will make sense as soon as you stop thinking logically and start thinking oracle-ly. - Jim Droppa
http://www.freelists.org/webpage/oracle-l Received on Fri Apr 25 2008 - 09:07:39 CDT