[dbsec] Re: Lateral SQL Injection Revisited - No Special Privs Required

  • From: "Richard Slide" <richard.slide@xxxxxxxxx>
  • To: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jul 2008 14:22:16 +0200

Hi David,
compliment for your work....

I try it on windows XP Professionl box and the Oracle is 10g_home1 and it is



On Mon, Jul 21, 2008 at 4:21 PM, David Litchfield <davidl@xxxxxxxxxxxxxxx>

> Hey Richard,
> > I have try your POC in oracle 10.2.0 and
> > its seems dosen't work.
> > Do you have test it only in oracle 11 ?
> Nope - works on all of my boxes - 10gR1, 10gR2, and 11g
> What's your setup? 10gR2 on what OS? Are you fully patched? Unpatched?
> Cheers,
> David
> --
> The information contained in this email and any subsequent
> correspondence is private, is solely for the intended recipient(s) and
> may contain confidential or privileged information. For those other than
> the intended recipient(s), any disclosure, copying, distribution, or any
> other action taken, or omitted to be taken, in reliance on such
> information is prohibited and may be unlawful. If you are not the
> intended recipient and have received this message in error, please
> inform the sender and delete this mail and any attachments.
> The views expressed in this email do not necessarily reflect NGS policy.
> NGS accepts no liability or responsibility for any onward transmission
> or use of emails and attachments having left the NGS domain.
> NGS and NGSSoftware are trading names of Next Generation Security
> Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
> 4BF with Company Number 04225835 and VAT Number 783096402

Other related posts: