Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i

  • From: ryan_gaffuri@xxxxxxxxxxx
  • To: oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx, oracle-l@xxxxxxxxxxxxx
  • Date: Tue, 18 Jan 2005 21:17:25 +0000

i was under the impression(apparently wrong) that if you use bind variables, 
sql injection wont work. the only way i know to get sql injection to work is to 
dummy up the quotes to manipulate the where clause? 
-------------- Original message -------------- 

> Hi Ruth, 
> This is related to the first quarterly patch set release. NGS are 
> probably one of many researchers who have found security bugs that 


Other related posts: