PL/SQL Injection From Web


This video demonstrates how ‘vulnerable’ Oracle Application Servers can be compromised using OAP_Hacker.pl script. This vulnerability was patched by Oracle in 2006. The idea here is to demonstrate exploitation of PL/SQL injection from web applications. In most instances a PL/SQL Injection in Oracle web app, will result in OS code execution.