[Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
n3td3v
xploitable at gmail.com
Thu Apr 24 21:32:43 BST 2008
On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
<davidl at ngssoftware.com> wrote:
> Hey all,
> I've just released some research that demonstrates a new class of
> vulnerability in Oracle and how it can be exploited by an attacker. You can
> grab the paper from here:
> http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> http://www.davidlitchfield.com/blog
>
Thanks for waiting until Web Application Security Awareness Day,
All the best,
n3td3v
Full-Disclosure is hosted and sponsored by Secunia.