From: "David Litchfield" <davidl@ngssoftware.com.>
To: <bugtraq@securityfocus.com.>, <dbsec@freelists.org.>
Subject: Cursor snarfing - a new class of vulnerability and attack in Oracle
Date: Mon, 27 Nov 2006 08:36:39 -0000
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-OriginalArrivalTime: 27 Nov 2006 08:39:50.0343 (UTC) FILETIME=[9A1F6570:01C711FF]
X-Virus-Scanned: antivirus-gw at tyumen.ru
Hey all,
I've just written a paper detailing a fairly common PL/SQL programming error
related to cursors that leads to a new class of vulnerability in Oracle. You
can get a copy of the paper from http://www.databasesecurity.com/ .
Cheers,
David Litchfield
NGSSoftware Ltd
+44(0) 208 401 0070
http://www.ngssoftware.com/
