04-25-2008, 12:10 PM   #1
coolmanhiphop
New Attack Exploits "Safe" Oracle Inputs

Trailrunner7 writes "Database security super-genius David Litchfield has found a way to manipulate common Oracle data types, which were not thought to be exploitable, and inject arbitrary SQL commands. The new method shows that you can no longer assume any data types are safe from attacker input, regardless of their location or function. Litchfield wrote, "In conclusion, even those functions and procedures that don't take user input can be exploited if SYSDATE is used. The lesson here is always, always validate and prevent this type of vulnerability getting into your code. The second lesson is that no longer should DATE or NUMBER data types be considered as safe and not useful as injection vectors: as this paper [PDF] has proved, they are," he writes."
Read more of this story at Slashdot.