DBMS_XMLSTORE and DBMS_XMLSAVE
From: <david_at_databasesecurity.com>
Date: Sun, 20 Jul 2014 12:35:53 +0100
Message-ID: <B3710782430043F5B647F0547591B670_at_NAUTILUS>
Hello all,
Both DBMS_XMLSTORE and DBMS_XMLSAVE have functions that can be used as auxiliary injection functions in a PL/SQL injection attack. Consider revoking the execute permission from public to help prevent abuse. Details in the paper: http://www.davidlitchfield.com/DBMS_XMLSTORE_PLSQL_Injection.pdf

Cheers,
David
-- http://www.freelists.org/webpage/oracle-l
Received on Sun Jul 20 2014 - 13:35:53 CEST
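
One way to act on the recommendation in the message above, as an added example that is not part of the original post or the linked paper: audit who holds EXECUTE on the two packages, list the stored objects that depend on them, then revoke the PUBLIC grant. It assumes a SQL*Plus or SQLcl session with access to the DBA_ dictionary views and the right to revoke the grant (for example SYS).

```sql
-- Added example (not from the original post). Assumption: run from SQL*Plus/SQLcl
-- as an account that can read DBA_ views and revoke the grant, e.g. SYS.
SET SERVEROUTPUT ON

-- 1. Who can currently execute the two packages named in the post?
SELECT grantee, owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE table_name IN ('DBMS_XMLSTORE', 'DBMS_XMLSAVE')
   AND privilege = 'EXECUTE'
 ORDER BY table_name, grantee;

-- 2. Which stored objects reference them? An owner listed here that has no
--    direct or role-independent grant in step 1 is relying on the PUBLIC grant,
--    and its code will go INVALID after the revoke until it is granted
--    EXECUTE explicitly. SYS-owned objects need no grant and are skipped.
SELECT owner, name, type, referenced_owner, referenced_name, referenced_type
  FROM dba_dependencies
 WHERE referenced_name IN ('DBMS_XMLSTORE', 'DBMS_XMLSAVE')
   AND owner NOT IN ('SYS', 'PUBLIC')
 ORDER BY owner, name;

-- 3. Revoke EXECUTE from PUBLIC wherever it is actually granted. The owner is
--    taken from the dictionary rather than hard-coded, and identifiers are
--    quoted with DBMS_ASSERT before being placed in the dynamic statement.
BEGIN
  FOR r IN (SELECT owner, table_name
              FROM dba_tab_privs
             WHERE grantee = 'PUBLIC'
               AND privilege = 'EXECUTE'
               AND table_name IN ('DBMS_XMLSTORE', 'DBMS_XMLSAVE'))
  LOOP
    EXECUTE IMMEDIATE 'REVOKE EXECUTE ON '
      || DBMS_ASSERT.ENQUOTE_NAME(r.owner, FALSE) || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(r.table_name, FALSE)
      || ' FROM PUBLIC';
    DBMS_OUTPUT.PUT_LINE('Revoked EXECUTE from PUBLIC on '
      || r.owner || '.' || r.table_name);
  END LOOP;
END;
/

-- 4. Confirm nothing was broken by the revoke.
SELECT owner, object_name, object_type
  FROM dba_objects
 WHERE status = 'INVALID'
 ORDER BY owner, object_name;
```

Compare the step 4 output with a list of invalid objects captured before the change, and grant EXECUTE directly to any schema from step 2 that legitimately needs the package.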