Database security expert David Litchfield has published details of a new type of database attack technique. Lateral SQL injection creates a means for hackers to access database data or inject hostile code onto vulnerable systems.

Exploitation is difficult and only possible in limited circumstances, Litchfield notes. Nonetheless, the discovery of the approach - a variant on earlier attack methods - means that database admins can no longer consider DATE or NUMBER data types safe from attack. Lateral SQL injection is a variant of SQL injection attacks, one of the most common methods for attacking database systems.

Litchfield first outlined the new approach during a presentation at the Black Hat security conference in Washington in late February. He published details of the approach in a paper pdf last week.

**Hidden Content: To see this hidden content your post count must be 15 or greater.**