WebApp Sec mailing list archives

Re: PL/SQL web application


From: naka <naka () vv-security com>
Date: Wed, 29 Jan 2003 14:35:30 +0900

> Try requesting /_admin/ after the PL/SQL mapping.  This is the default
> administration application location.  NGS Software has a good paper on
> Oracle tricks that would probably interest you.


Thanks.

I found a vulnerability that was described in the NGS paper.
# very vulnerable...

But I have another question.

As I said in my previous email,
my target web site doesn't sanitize any input.
Does this mean that PL/SQL doesn't have a sanitizing function?
Can't I use regexps in PL/SQL?
If so, I think that PL/SQL isn't suitable for web applications.

thank you.

--
naka <naka () vv-security com>

