Researcher finds new way to hack Oracle database

"Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.

Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, Litchfield said in an interview on Thursday."