This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server. While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area.

Cert/CC Statistics shows that 7120 Software Vulnerabilities were
Reported in 2006
· 194 SQL Injection Vulnerabilities were found on BugTraq
between 2005-jan and 2005-June
· Symantec highlights in its most recent Internet Security Threat
Report that Web vulnerabilities constituted 69 percent of 2,249
new vulnerabilities identified for the first half of 2006, with 78
percent of "easily exploitable" vulnerabilities residing within Web
applications.
· Directory Traversal is the 2nd most common attack on the
internet as of the 2nd half of 2005
· Roughly 63% of the Web application vulnerabilities can be
accounted for by 4 vulnerability classes: file inclusion, SQL
injection, cross-site scripting, and directory traversal

Table of Contents
Introduction 1
A Glance at Oracle APEX 4
-What is Oracle APEX?
-Architecture of Oracle APEX
-mod_plsql / XML DB HTTP
Oracle Database Permissions 7
-Invoker vs. Definer Rights
What Is SQL Injection? 8
-Introduction
-What Programming Languages are Vulnerable?
-Example: SQL Injection Exploitation
-SQL Injection Oracle vs. Other DBMS
PL/SQL Overview 12
-Introduction
-PL/SQL Data Types
-Procedures, Functions & Packages
-Executing Database Commands
-PL/SQL Triggers
-PL/SQL Cursors
PL/SQL Injection 21
-What is PL/SQL Injection?
-Injecting into a SELECT Query
-Injecting into DML
-Database Privilege Escalation
-Technique: Autonomous Transaction.

Larry, John, and Paul will explore the "Best Of" security tools. Part I will cover the best of network penetration testing tools. Six tools in total will be discussed, including a tip, trick, and/or use case for each one! Come learn about Nmap's IPv6 scanning, Cain & Abel's VoIP functionality, and much more!

1) Nmap - Worlds Best Port Scanner
2) Nessus - Vulnerability Scanner
3) Metasploit - Exploit framework
4) Pass-The-Hash - Who needs passwords?
5) Hydra - Brute force password guessing
6) Cain & Abel - The ultimate MITM utility
7) Spotlight - Core IMPACT.

This paper presents an automatic technique for creating inputs that expose SQLI and XSS vulnerabilities. The technique generates sample inputs, symbolically tracks taints through execution (including through database accesses), and mutates the inputs to produce concrete exploits. Ours is the first analysis of which we are aware that precisely addresses second-order XSS attacks.

Our technique creates real attack vectors, has few false positives, incurs no runtime overhead for the deployed application, works without requiring modification of application code, and handles dynamic programming-language constructs. We implemented the technique for PHP, in a tool Ardilla. We evaluated Ardilla on five PHP applications and found 68 previously unknown vulnerabilities (23 SQLI, 33 first-order XSS, and 12 second-order XSS).