Today I've seen two white papers on a technique called SQL Injection for exploiting databases via web pages. One of the papers was pretty much a step by step tutorial on how to reverse engineer data structures and have your way with a SQL Server database via ASP pages.
Both papers were ASP/SQL Server centric. But in my quick reads, I didn't see anything that made me think it would not work against many HTML forms backed by CGI scripts hitting Oracle databases that I've seen. Am I missing something? -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Robert Eskridge INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
