WebApp Sec mailing list archives
Re: Oracle SQL Injection
From: Cesar <cesarc56 () yahoo com>
Date: Tue, 11 Jul 2006 15:53:12 -0700 (PDT)
Hi. Here you can also find SQL Injection exploits and papers: http://www.argeniss.com/research.html Cesar. --- Tim <tim-security () sentinelchicken org> wrote:
Mark,It appears that Oracle does not like this type ofsyntax where we areappending an UPDATE onto an existing SELECTstatement. Could someone pleasepoint me in the right direction on how to executethese type of commands.I should also say that the application appears tobe replacing a semicolonwith a coma.Have you tried using sub queries? Also, check out these (if you haven't already seen them): http://www.securityfocus.com/infocus/1644 http://www.securityfocus.com/infocus/1646 good luck, tim
-------------------------------------------------------------------------
Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr --------------------------------------------------------------------------
Current thread:
- Oracle SQL Injection Mark Keegan (Jul 11)
- Re: Oracle SQL Injection Tim (Jul 11)
- Re: Oracle SQL Injection Cesar (Jul 11)
- Re: Oracle SQL Injection Andrew van der Stock (Jul 11)
- RE: Oracle SQL Injection Mark Keegan (Jul 12)
- Re: Oracle SQL Injection Tim (Jul 12)
- RE: Oracle SQL Injection Mark Keegan (Jul 12)
- RE: Oracle SQL Injection Integrigy (Jul 12)
- Re: Oracle SQL Injection Tim (Jul 11)