[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral SQL Injection
- To: "n3td3v" <xploitable@xxxxxxxxx>, "David Litchfield" <davidl@xxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, "n3td3v" <n3td3v@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral SQL Injection
- From: "Fish, Patrick O HEC" <patrick.fish@xxxxxxxxxxxxxx>
- Date: Thu, 24 Apr 2008 14:25:41 -0700
I thought you cancelled it? I'm pretty sure he saw that, too. We were all
waiting for it.
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of n3td3v
Sent: Thursday, April 24, 2008 1:33 PM
To: David Litchfield; full-disclosure@xxxxxxxxxxxxxxxxx; n3td3v
Subject: Re: [Full-disclosure] A New Class of Vulnerability in Oracle:Lateral
SQL Injection
On Thu, Apr 24, 2008 at 5:49 PM, David Litchfield
<davidl@xxxxxxxxxxxxxxx> wrote:
> Hey all,
> I've just released some research that demonstrates a new class of
> vulnerability in Oracle and how it can be exploited by an attacker. You
can
> grab the paper from here:
> http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> http://www.davidlitchfield.com/blog
>
Thanks for waiting until Web Application Security Awareness Day,
All the best,
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/