Blind SQL Injection Vulnerabilities reported to Oracle Corporation


The well-known Vulnerability Laboratory researcher Shadab Siddiqui (23) from India has this week discovered a remote vulnerability of critical severity affecting Oracle. Oracle Corporation (NASDAQ: ORCL) is an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products – particularly database management systems.


Shadab Siddiqui discovered multiple remote blind SQL injection vulnerabilities in different parts of the Oracle web infrastructure. The vulnerabilities allow a remote attacker to inject and execute their own SQL commands on the affected application DBMS. Successful exploitation results in compromise of the DBMS, the service and the application. The vulnerabilities are located in the shop, campus, education and academy services of Oracle.

Affected Service(s):





In coordination with the Oracle security team (Steve M.), the issue was fixed quickly on all instances of the different web services.

The hotfix for the web servers was released within 12 days after the issue was analysed by Oracle security, following the report from the Vulnerability Laboratory team.

[+] 2012-03-28: Vendor Notification

[+] 2012-03-29: Vendor Response/Feedback

[+] 2012-04-11: Vendor Fix/Patch

[+] 2012-04-12: Public or Non-Public Disclosure


