Re: [Full-disclosure] Full-Disclosure Digest, Vol 33, Issue 1

2007-11-01 Thread Joxean Koret
Hi, You're wrong. First of all, yes, it is a preauth SQL injection in an admin console but, if you have privileges to connect to the Oracle Financials instance, even as a normal unprivileged user, you have sufficient privileges to access it. You don't need to have assigned the SYSADMIN

Re: [Full-disclosure] Full-Disclosure Digest, Vol 33, Issue 1

2007-11-01 Thread reepex
On Nov 1, 2007 9:36 AM, Joxean Koret [EMAIL PROTECTED] wrote:
> First of all, yes, it is a preauth SQL injection in an admin console but, if you have privileges to connect to the Oracle Financials instance,

So as I said it's 'post auth' SQL injection but thanks for clarifying. And second,