Advanced Sql Injection In Oracle Databases

Articles Metasploit Framework Windows Tutorial Remote Desktop Connection Windows Processes That May Be Dangerous How-To use NetCat a Tutorial Common Linux Commands Common Ports Netcat Commands HTTP Response Codes War-Google Hack Terms Wardriving Avoiding Social Engineering and Phishing Attacks Intrusion Detection on Linux Linux Intrusion Detection Penetration Testing Guide Penetration Testing Tools Social Engineering Fundamentals, Part I: Hacker Tactics Social engineering (computer security) The Psychology of Social Engineering The Archives General GSO GovernmentSecurity.org News & Suggestions In The News Open Topic General Security Information Trash Can Exploit & Vulnerability Mailing List Archives Trial Member Forum Product and Program Reviews GSO Tutorials System Security Windows Systems Beginners Section Linux & Unix Systems File Downloads Exploit Research & Discussion Trojan & Virus Errata Networking Security / Firewall / IDS / VPN / Routers System Hardening E-Mail Security Wifi Security Trial Member Uploads Upload discovered Trojans & Mal ware GSO Programming Section C , C++ , VC++ Visual Basic .NET Perl /CGI Java/Javascript PHP/XML/ASP/HTML Assembly + Other The Cork Board Network Security Consultant Directory Network Security Jobs The Archives Encryption Information General Network Security Internet Anonymity HTTP Protocol Security Linux Security MS IIS Information Exploit Articles Programming / Tool Design GSO Software Projects Public Downloads Microsoft Security Questions and Papers		Help - Search - Member List - Calendar Full Version: Advanced Sql Injection In Oracle Databases GovernmentSecurity.org > System Security > System Hardening forza Feb 7 2005, 11:19 AM This presentation is about new ways to exploit SQL Injection vulnerabilities in Oracle Databases. It shows, with working examples, many ways in that the Oracle database security could be bypassed and how to protect from these threats. hxxp://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php lev Feb 9 2005, 09:29 PM QUOTE(forza @ Feb 7 2005, 11:19 AM) This presentation is about new ways to exploit SQL Injection vulnerabilities in Oracle Databases. It shows, with working examples, many ways in that the Oracle database security could be bypassed and how to protect from these threats. hxxp://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php This is good stuff, including some working exploits: BufferOverflowExploit_CreatingSYSDBAUser.sql BufferOverflowExploit_GettingOSAdmin.sql BufferOverflowExploit_SDO_CODE_SIZE_10g.sql SQLInjectionBecomingSYS.sql SQLInjectionExecutingOSCommand.sql SQLInjectionLimitation.sql SQLInjectionUploadingAFile.sql SQLInjectionVulCurUsr.sql BTW - Check out the Oracle / DB2 tools from Johnny Cyberpunk A small database fingerprinting toolset for db2 and oracle. QUOTE the tools in this package can help a pentester or admin to fingerprint remote db2 and oracle servers for their version/os etc. THCORAVER gives to following output: ----------------------------------------------- THCoraver v0.1 - Oracle Version Fingerprinter coding jcyberpunk@thc.org ----------------------------------------------- Query for : 10.65.101.60 in progress...pleaze wait! TNSLSNR for Solaris: Version 9.2.0.4.0 - Production TNS for Solaris: Version 9.2.0.4.0 - Production Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version 9.2.0.4.0 - Production Oracle Bequeath NT Protocol Adapter for Solaris: Version 9.2.0.4.0 - Production TCP/IP NT Protocol Adapter for Solaris: Version 9.2.0.4.0 - Production hxxp://thc.org/root/tools/THCDBFP.zip This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here. Invision Power Board © 2001-2005 Invision Power Services, Inc.