Friday, April 25, 2008

Oracle PLSQL Number Datatype Exploit

Researcher finds new way to hack Oracle database
'Lateral SQL injection' details released in paper

Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.

...

Litchfield's attack targets the Procedural Language/SQL programming language used by Oracle developers.

...

"If you happen to be using Oracle and you write your own applications on it, then yes, you could be writing vulnerable code," he said.

...