DBMS_XMLSTORE and DBMS_XMLSAVE

  • From: <david@xxxxxxxxxxxxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Sun, 20 Jul 2014 12:35:53 +0100

Hello all,
Both DBMS_XMLSTORE and DBMS_XMLSAVE have functions that can be used as 
auxiliary injection functions in a PL/SQL injection attack. Consider revoking 
the execute permission from public to help prevent abuse. Details in the paper: 
http://www.davidlitchfield.com/DBMS_XMLSTORE_PLSQL_Injection.pdf
Cheers,
David
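
An added example, not part of the original post or the linked paper: a SQL*Plus report that finds the PUBLIC execute grants on the two packages named above, lists the objects that DBA_DEPENDENCIES records as depending on them, and prints the matching REVOKE statements. It assumes a session that can read DBA_TAB_PRIVS and DBA_DEPENDENCIES; the `c_apply` switch is a name chosen for this example.

```sql
-- Added example: audit PUBLIC execute grants on DBMS_XMLSTORE / DBMS_XMLSAVE.
-- The package owner is read from the dictionary rather than assumed.
SET SERVEROUTPUT ON

DECLARE
  -- Hypothetical switch: FALSE only reports, TRUE also issues the revokes
  -- (the session then needs the right to revoke the grant).
  c_apply CONSTANT BOOLEAN := FALSE;
  v_stmt  VARCHAR2(400);
BEGIN
  FOR g IN (SELECT owner, table_name
              FROM dba_tab_privs
             WHERE grantee    = 'PUBLIC'
               AND privilege  = 'EXECUTE'
               AND table_name IN ('DBMS_XMLSTORE', 'DBMS_XMLSAVE')
             ORDER BY owner, table_name)
  LOOP
    DBMS_OUTPUT.PUT_LINE('PUBLIC can execute ' || g.owner || '.' || g.table_name);

    -- Stored objects in other schemas that reference the package; review
    -- these before revoking, since they may rely on the PUBLIC grant.
    FOR d IN (SELECT owner, name, type
                FROM dba_dependencies
               WHERE referenced_owner = g.owner
                 AND referenced_name  = g.table_name
                 AND referenced_type  = 'PACKAGE'
                 AND owner NOT IN (g.owner, 'PUBLIC')
               ORDER BY owner, name)
    LOOP
      DBMS_OUTPUT.PUT_LINE('  dependent: ' || d.type || ' ' || d.owner || '.' || d.name);
    END LOOP;

    -- Build the revoke from dictionary values, quoted as identifiers.
    v_stmt := 'REVOKE EXECUTE ON '
              || DBMS_ASSERT.ENQUOTE_NAME(g.owner, FALSE) || '.'
              || DBMS_ASSERT.ENQUOTE_NAME(g.table_name, FALSE)
              || ' FROM PUBLIC';
    DBMS_OUTPUT.PUT_LINE('  ' || v_stmt);

    IF c_apply THEN
      EXECUTE IMMEDIATE v_stmt;
    END IF;
  END LOOP;
END;
/
```

Code that calls the packages through dynamic SQL does not appear in DBA_DEPENDENCIES, so test applications after the revoke and grant execute back only to the specific accounts that need it.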
