From: Alexander Kornbrust
This blog entry will show a SQL Injection example based on a JSP application (tnx to Slavik) and Oracle 11.1.0.7. Oracle SQL Injection Cheat Sheet Sheet is available on our webpage.
With Oracle 11g, Oracle introduced some security enhancements by default, e.g. the ACL for PLSQL packages accessing the network. These packages are UTL_HTTP, UTL_INADDR, UTL_TCP, … Some old well known tricks like the usage of utl_inaddr are no longer working for non-DBAs in 11g… The following tutorial will show how to bypass these restrictions and will show some new tricks…
First we start with with a vulnerable webapp:
阅读全文
