PL/SQL Attack: New Way to Hack into Oracle
David Litchfield, Database Security Researcher, documented SQL injection attack, which can be used against the Oracle database, as reported on April 29, 2008 by InformationWeek.
According to Litchfield, for conducting this attack, the attacker needs a database account, proving that this kind of attack cannot occur in normal atmosphere but only in research lab.
Erich Maurice, Manager, Security, Global Technology Unit, Oracle, said that a blog from Litchfield revealed that attacker can easily place "a lateral SQL injection" attack in database by using PL/SQL query language of Oracle. He warned database developers that attackers are capable enough to place an attack in database application, as per the news reported on April 29, 2008 by InformationWeek.
» SPAMfighter News - 08-05-2008