Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences
David Litchfield has a new paper out. It is interesting because it shows how PL/SQL injection can be carried out using only the CREATE SESSION privilege, and it also utilises the Cursor Snarfing concept. It is called
“Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences”
and is available from this URL:
http://www.databasesecurity.com/dbsec/cursor-injection.pdf
I have read through the paper already and tested the code on 10gR1 SPARC64 and found the PoC to be effective.

