Oracle security paper...
From: <david_at_databasesecurity.com>
Date: Tue, 31 Jan 2012 20:03:52 -0000
Message-ID: <9B965A07624A4F5EB063A2F92A25A574_at_NAUTILUS>
Hey all,
I’ve just written a paper that revisits lateral SQL injection but looks at how an attacker can exploit NUMBER concatenations to execute arbitrary SQL in PL/SQL applications. It’s not earth shattering research but worthwhile noting if you’re involved in PL/SQL development. http://www.accuvant.com/capability/accuvant-labs/security-research/lateral-sql-injection-revisited-exploiting-numbers Cheers,
David Litchfield
https://twitter.com/dlitchfield
Date: Tue, 31 Jan 2012 20:03:52 -0000
Message-ID: <9B965A07624A4F5EB063A2F92A25A574_at_NAUTILUS>
Hey all,
I’ve just written a paper that revisits lateral SQL injection but looks at how an attacker can exploit NUMBER concatenations to execute arbitrary SQL in PL/SQL applications. It’s not earth shattering research but worthwhile noting if you’re involved in PL/SQL development. http://www.accuvant.com/capability/accuvant-labs/security-research/lateral-sql-injection-revisited-exploiting-numbers Cheers,
David Litchfield
https://twitter.com/dlitchfield
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Jan 31 2012 - 14:03:52 CST