David Litchfield has just published two chapters from his book The Oracle Hacker’s Handbook: Hacking and Defending Oracle.
Indirect Privilege Escalation (PDF)
In this chapter, David gives two examples, one with CREATE ANY TRIGGER and another with CREATE ANY VIEW, to demonstrate how these privileges can be abused to gain DBA privileges. In fact, a user who […]
We are in the process of upgrading our Oracle E-Business Suite (EBS) from 11.0.3 to 11.5.10 (more on that later). So, I frequently visit the EBS Electronic Technical Reference Manual (eTRM) to browse and try to understand the data models, database design and APIs of some EBS modules. When I logged in this morning I […]
Think ANSI Standard SQL Is Fully Portable Between Databases? Think Again.
See how identical queries against identically populated tables return different results on different RDBMSs.
(tags: database oracle sqlserver […]
Recently, I came across the view v$reserved_words. I wanted to know more about this view, so I did a little research and the result was the following list of questions and answers.
What information does v$reserved_words give?
Up to Oracle database version 10g Release 1 (10.1), the definition of this view was:
This view gives a […]
Oracle SQL and PL/SQL Examples Organized by Topic
(tags: oracle plsql sql)
How to Become a Hacker
[…]
Jonathan wrote that “keep pouring cold water on everything” may not translate well because of the colloquialisms. This got me thinking about when I first arrived in the United States back in 1998. I thought I knew the English language very well. After all, I graduated from a well-respected American university in Lebanon. Little […]