Full Disclosure: Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection

Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection

From: Ureleet <ureleet () gmail com>
Date: Thu, 24 Apr 2008 17:30:16 -0400

so did u or didnt u cancel it?  please make up ur mind so we know whether to
post anything on may 1 or not.
i support the "take a day off from fd" day on may 1.

On Thu, Apr 24, 2008 at 4:32 PM, n3td3v <xploitable () gmail com> wrote:


On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
<davidl () ngssoftware com> wrote:

Hey all,
 I've just released some research that demonstrates a new class of
 vulnerability in Oracle and how it can be exploited by an attacker. You

can

 grab the paper from here:
 http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
 Cheers,
 David Litchfield
 NGSSoftware Ltd
 http://www.ngssoftware.com/
 http://www.davidlitchfield.com/blog


Thanks for waiting until Web Application Security Awareness Day,

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

A New Class of Vulnerability in Oracle: Lateral SQL Injection David Litchfield (Apr 24)
- Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection n3td3v (Apr 24)
  - Re: A New Class of Vulnerability in Oracle: Lateral SQL Injection Ureleet (Apr 24)
  - Re: A New Class of Vulnerability in Oracle:Lateral SQL Injection Fish, Patrick O HEC (Apr 24)