Friday, April 25, 2008

Oracle PLSQL Number Datatype Exploit

Researcher finds new way to hack Oracle database
'Lateral SQL injection' details released in paper

Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.


Litchfield's attack targets the Procedural Language/SQL programming language used by Oracle developers.


"If you happen to be using Oracle and you write your own applications on it, then yes, you could be writing vulnerable code," he said.


1 comment:

  1. A lot of SQL Injections like those can be prevented by following best security practices when coding. Basic security would be ensuring input is validated and parameterizing input statements, and there's a good video on how to do that here