"Oracle's RDBMS, a leading database server package, supports stored packages
and procedures through the use of PL/SQL. These packages and procedures can
be accessed through Oracle's Application Server's Portal module. Oracle
Application Server is a web server designed for Oracle applications. Many of
the PL/SQL packages and procedures are vulnerable to SQL Injection. Using
these vulnerabilities an unauthenticated attacker can gain access to all
data in the database from the Internet." – ngssoftware.com
Oracle Application Server 9i and RDBMS Multiple SQL Injection Vulnerabilities
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack