
Oracle hack revealed

28 April 2008


Lateral SQL injection


Security expert David Litchfield has published details of a new type of attack that could give a hacker access to an Oracle database.

Litchfield claims the attack, dubbed a lateral SQL injection, could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software.

Litchfield famously revealed the attack at the Black Hat Washington conference last February, but has now published a paper with technical details. Security experts thought that SQL injections would only work if the attacker was inputting character strings into the database. Litchfield's attack uses new types of data, known as date and number data types.

Litchfield's attack targets Procedural Language/SQL (PL/SQL), the programming language used by Oracle developers.
Last modified on 28 April 2008