Researcher finds new way to hack Oracle database

April 25, 2008

[From Computerworld, Inc.]

April 25, 2008 (IDG News Service) Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.

Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, Litchfield said in an interview on Thursday.

The article continues at http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=9&articleId=9080378&intsrc=hm_topic