lateral sql injection

so litchfield just posted a pdf on what he calls lateral sql injection...

basically, the attack focuses on situations where you can affect a function which doesn't take any parameters. normally you'd assume such functions were immune to attack. but he takes a side-channel approach and alters the output of internal commands called by the function which are used in sql queries.

as he says at the end of the paper, the attack vector probably isn't going to be seen all that often. i'm def not a sql/db expert, but it seems like you'd need a decent amount of knowledge about the underlying code being used in a system to attack it via lateral sql injection... of course, there are probably some really common stored procedures, and perhaps an attacker could make reasonable guesses as to what a developer called in his or her code...

anywho, it's always fun to see people looking at things in new ways...