Smokey's Security Weblog

veritas odium parit

New way to hack Oracle database

Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.

Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, Litchfield said in an interview on Thursday.

In a SQL injection, attackers create specially crafted search terms that trick the database into running SQL commands. Previously, security experts thought that SQL injections would only work if the attacker was inputting character strings into the database, but Litchfield has shown that the attack can work using new types of data, known as date and number data types.

Full article: NetworkWorld
Paper with technical details: David Litchfield

Advertisements

April 28, 2008 - Posted by | Advisories, Alerts, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: