Hi.
Here you can also find SQL Injection exploits and
papers:
http://www.argeniss.com/research.html
Cesar.
--- Tim <tim-security@sentinelchicken.org> wrote:
Mark,
It appears that Oracle does not like this type of
syntax where we are
appending an UPDATE onto an existing SELECT
statement. Could someone please
point me in the right direction on how to execute
these type of commands.
I should also say that the application appears to
be replacing a semicolon
with a coma.
Have you tried using sub queries?
Also, check out these (if you haven't already seen
them):
http://www.securityfocus.com/infocus/1644
http://www.securityfocus.com/infocus/1646
good luck,
tim
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common
application-level
attacks that hackers use to sneak into web
applications today. This
whitepaper will discuss how traditional CSS attacks
are performed, how to
secure your site against these attacks and check if
your site is protected.
Cross-Site Scripting Explained - Download this
whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional CSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------
