[18334] in bugtraq
Re: Oracle WebDb engine brain-damagse
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri Dec 22 18:51:57 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0012221145200.25893-100000@dione.ids.pl>
Date: Fri, 22 Dec 2000 11:46:56 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To: "McAllister, Andrew" <McAllisterA@UMSYSTEM.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0012220207210.25893-100000@dione.ids.pl>
On Fri, 22 Dec 2000, Michal Zalewski wrote:
> I believe you can do at least one of these possibilities:
>
> - SELECT <pattern> INTO <sth> FROM <table> to move sensitive data
> from some private table to publicly available tables used eg. for
> direct contents rendering,
This one should work fine...
> - call WebDB output procedures to produce output (you can use full
> PL/SQL language syntax, including loops, declarations etc).
This one as well. I've just checked, no problems: you can call
owa_util.tableprint(...) and other output procedures :)
--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
