[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection

To: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, n3td3v <n3td3v@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
From: n3td3v <xploitable@xxxxxxxxx>
Date: Thu, 24 Apr 2008 21:32:43 +0100

On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
<davidl@xxxxxxxxxxxxxxx> wrote:
> Hey all,
>  I've just released some research that demonstrates a new class of
>  vulnerability in Oracle and how it can be exploited by an attacker. You can
>  grab the paper from here:
>  http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
>  Cheers,
>  David Litchfield
>  NGSSoftware Ltd
>  http://www.ngssoftware.com/
>  http://www.davidlitchfield.com/blog
>

Thanks for waiting until Web Application Security Awareness Day,

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
  - From: Ureleet
- Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral SQL Injection
  - From: Fish, Patrick O HEC

References:
- [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
  - From: David Litchfield

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1556-1] New perl packages fix denial of service
Next by Date: Re: [Full-disclosure] - CALL FOR PAPERS -
Previous by thread: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
Next by thread: Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
Index(es):
- Date
- Thread