[dbsec] Re: Lateral SQL Injection Revisited - No Special Privs Required
- From: "Richard Slide" <richard.slide@xxxxxxxxx>
- To: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
- Date: Wed, 23 Jul 2008 14:22:16 +0200
Hi David,
compliment for your work....
anyway,
I try it on windows XP Professionl box and the Oracle is 10g_home1 and it is
Unpatched.
Cheers,
--Richard
On Mon, Jul 21, 2008 at 4:21 PM, David Litchfield <davidl@xxxxxxxxxxxxxxx>
wrote:
> Hey Richard,
>
> > I have try your POC in oracle 10.2.0 and
> > its seems dosen't work.
> > Do you have test it only in oracle 11 ?
>
> Nope - works on all of my boxes - 10gR1, 10gR2, and 11g
>
> What's your setup? 10gR2 on what OS? Are you fully patched? Unpatched?
>
>
> Cheers,
> David
>
> --
> E-MAIL DISCLAIMER
>
> The information contained in this email and any subsequent
> correspondence is private, is solely for the intended recipient(s) and
> may contain confidential or privileged information. For those other than
> the intended recipient(s), any disclosure, copying, distribution, or any
> other action taken, or omitted to be taken, in reliance on such
> information is prohibited and may be unlawful. If you are not the
> intended recipient and have received this message in error, please
> inform the sender and delete this mail and any attachments.
>
> The views expressed in this email do not necessarily reflect NGS policy.
> NGS accepts no liability or responsibility for any onward transmission
> or use of emails and attachments having left the NGS domain.
>
> NGS and NGSSoftware are trading names of Next Generation Security
> Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
> 4BF with Company Number 04225835 and VAT Number 783096402
>
Other related posts:
