WebApp Sec mailing list archives
Re: PL/SQL web application
From: naka <naka () vv-security com>
Date: Wed, 29 Jan 2003 14:35:30 +0900
Try requesting /_admin/ after the PL/SQL mapping. This is the default administration application location. NGS Software has a good paper on Oracle tricks that would probably interest you.
thanx. I found a vulnerability that was described in the NGS's paper. # very vulnerable... But I have another question. As I said in my previous email, my target web site doesn't sanitize any input. This means that PL/SQL doesn't have a sanitizing function? I can't use regexp in PL/SQL? If so, I think that PL/SQL isn't suitable for web application. thank you. -- naka <naka () vv-security com>
Current thread:
- PL/SQL web application naka (Jan 28)
- Re: PL/SQL web application Kevin Spett (Jan 28)
- Re: PL/SQL web application naka (Jan 28)
- Re: PL/SQL web application Kevin Spett (Jan 28)