Just came across a paper called "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences" of David Litchfield.
It shows once more that writing proper code is important, as is getting your database to the right patch level.
--
Off topic: Carl Backstrom blogged about a music clip called "Code Monkey" here. You should see it, it's fantastic!
--
Saturday, March 03, 2007
SQL injection? No, Cursor injection
Posted by Dimitri Gielis at 11:14
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment