New hacker trick may expose Oracle databases

March 1, 2007

[From CNET News.com]

A new attack technique increases the risk of commonly found bugs in Oracle's database software, a security researcher has warned.

It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL SQL injection vulnerabilities. With a new attack technique, that's no longer true, David Litchfield, a database security expert with NGS Software, said on Thursday at the Black Hat DC event here.

The article continues at http://news.com.com/New+hacker+trick+may+expose+Oracle+databases/2100-1002_3-6163545.html?tag=cd.top