[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection

To: n3td3v@xxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
From: Ureleet <ureleet@xxxxxxxxx>
Date: Thu, 24 Apr 2008 17:30:16 -0400

so did u or didnt u cancel it?  please make up ur mind so we know whether to
post anything on may 1 or not.
i support the "take a day off from fd" day on may 1.

On Thu, Apr 24, 2008 at 4:32 PM, n3td3v <xploitable@xxxxxxxxx> wrote:

>
> On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
> <davidl@xxxxxxxxxxxxxxx> wrote:
> > Hey all,
> >  I've just released some research that demonstrates a new class of
> >  vulnerability in Oracle and how it can be exploited by an attacker. You
> can
> >  grab the paper from here:
> >  http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
> >  Cheers,
> >  David Litchfield
> >  NGSSoftware Ltd
> >  http://www.ngssoftware.com/
> >  http://www.davidlitchfield.com/blog
> >
>
> Thanks for waiting until Web Application Security Awareness Day,
>
> All the best,
>
> n3td3v
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
  - From: David Litchfield
- Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
  - From: n3td3v

Prev by Date: Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
Next by Date: Re: [Full-disclosure] May 1
Previous by thread: Re: [Full-disclosure] A New Class of Vulnerability in Oracle: Lateral SQL Injection
Next by thread: Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral SQL Injection
Index(es):
- Date
- Thread