Re: A New Class of Vulnerability in Oracle:Lateral SQL Injection

["Fish, Patrick O HEC" <patrick.fish () usace army mil>]

I thought you cancelled it? I'm pretty sure he saw that, too. We were all
waiting for it.



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v
Sent: Thursday, April 24, 2008 1:33 PM
To: David Litchfield; full-disclosure () lists grok org uk; n3td3v
Subject: Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral
SQL Injection

On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
<davidl () ngssoftware com> wrote:
> Hey all,
>  I've just released some research that demonstrates a new class of
>  vulnerability in Oracle and how it can be exploited by an attacker. You
can
>  grab the paper from here:
>  http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
>  Cheers,
>  David Litchfield
>  NGSSoftware Ltd
>  http://www.ngssoftware.com/
>  http://www.davidlitchfield.com/blog

Thanks for waiting until Web Application Security Awareness Day,

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/