Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Cursor Injection – A NewMethod for Exploiting PL/SQL Injection and Potential Defences

David Litchfield has a new paper out that is interesting as it shows how PLSQL injection can be carried out using only the CREATE SESSION privilege as well as utilising the Cursor Snarfing concept. It is called

“Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences”

And is from this URL:
http://www.databasesecurity.com/dbsec/cursor-injection.pdf

I have read through the paper already and tested the code on 10gR1SPARC64 and found the PoC to be effective.

Leave a Reply

You must be logged in to post a comment.