This is a very interesting post by David Litchfield: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0007.html

The reason it makes such interesting reading is not because it bashes Oracle (which it does!), but because of what it illustrates about practicing secure coding techniques:

1. URL encoding hack: "Handling files incorrectly" (Not reducing file / URL / path names to canonical [...]
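As an added illustration of the canonicalization lesson in that first item (this is not code from the post or from Oracle; the document root and the request paths are constructed), here is a check made on the raw, still-encoded name beside one that decodes and normalises before deciding:

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for the example; nothing here is a real deployment.
PUBLIC_ROOT = "/srv/www/public"


def naive_is_allowed(raw_path: str) -> bool:
    """Decision taken on the raw request path, before any decoding: the kind
    of check the post criticises.  It only looks for a literal '..' substring,
    so the same path written with percent-encoded dots is not recognised."""
    return ".." not in raw_path


def canonical_path(raw_path: str, root: str = PUBLIC_ROOT) -> str:
    """Reduce a request path to canonical form before it is used anywhere:
    percent-decode until the result stops changing (so double encoding is
    undone too), drop any query string or fragment, then collapse '.' and
    '..' segments by resolving the path against the document root."""
    decoded = raw_path
    for _ in range(5):  # bounded: a pathological input cannot spin forever
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.split("?", 1)[0].split("#", 1)[0]
    # posixpath is used deliberately so the result is the same on every OS.
    return posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))


def canonical_is_allowed(raw_path: str, root: str = PUBLIC_ROOT) -> bool:
    """Decision taken only after canonicalisation: the resolved name must
    still lie inside the document root.  Checking the canonical form, not
    the spelling the client chose, is the whole point."""
    resolved = canonical_path(raw_path, root)
    return resolved == root or resolved.startswith(root + "/")


if __name__ == "__main__":
    for req in ("/docs/index.html", "/%2e%2e/%2e%2e/outside.txt"):
        print(req, "->", canonical_path(req),
              "naive:", naive_is_allowed(req),
              "canonical:", canonical_is_allowed(req))
```

The two functions disagree exactly on the inputs where the spelling differs from the canonical form, which is what makes a string check on the raw name unsafe.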