April 2008 - Posts

Lateral SQL injection in Oracle

David Litchfield has just released a paper, showing that it is possible to do SQL injection using DATE or even NUMBER data types to exploit a PL/SQL procedure in Oracle RDBMS! The attacker can exploit a PL/SQL procedure that doesn't even take user input!

The trick is to apply an ''ALTER SESSION SET NLS_DATE_FORMAT'' command in order to change the NLS variable such that the PL/SQL compiler will accept an arbitrary SQL as a ''DATE'' (even though it is not).

=== For more information ===

~ Lateral SQL Injection: A New Class of Vulnerability in Oracle


Microsoft Chief Software Architect Ray Ozzie talks open source, mesh

Microsoft Chief Software Architect Ray Ozzie says the company has been dramatically changed by open source and the concept of using the Web as a hub. So, here's more to go.