Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
- From: ryan_gaffuri@xxxxxxxxxxx
- To: oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx, oracle-l@xxxxxxxxxxxxx
- Date: Tue, 18 Jan 2005 21:17:25 +0000
i was under the impression(apparently wrong) that if you use bind variables,
sql injection wont work. the only way i know to get sql injection to work is to
dummy up the quotes to manipulate the where clause?
-------------- Original message --------------
> Hi Ruth,
>
> This is related to the first quarterly patch set release. NGS are
> probably one of many researchers who have found security bugs that
--
//www.freelists.org/webpage/oracle-l
Other related posts:
