Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

Advanced SQL Injection in Oracle databases

Reply
Views: 3509 - Replies: 14  
Thread Tools Display Modes

Advanced SQL Injection in Oracle databases
Old 02-08-2005, 04:32 AM   #1
freeswan
Guest
 
Posts: n/a
Threads: 5107
Default Advanced SQL Injection in Oracle databases

Author: Esteban Martínez Fayó
Contact: secemf@yahoo.com.ar
Publish date: February 2005

This presentation is about new ways to exploit SQL Injection vulnerabilities in Oracle Databases. It shows, with working examples, many ways in that the Oracle database security could be bypassed and how to protect from these threats. It is based on the presentation that Esteban Martínez Fayó gave at G-con III conference (Mexico City), with new material and larger explanations.



Topics (37 slides):

* Introduction
* SQL Injection attacks
o How to exploit
o Exploit examples
o SQL Injection in functions defined with AUTHID CURRENT_USER
o How to get around the need for CREATE PROCEDURE privilege - Example
o How to protect
* Buffer overflow attacks
o How to exploit
o Exploit examples
o Detecting an attack
* Remote attacks using SQL Injection in a web application
o Exploit examples
o Web application worms
o How to protect
* Summary
* Conclusions

The presentation includes many proof of concept exploit examples of these topics.



You can download the Presentation HERE:

http://security-papers.globint.com.ar/ra.php?ir=http://security-papers.globint.com.ar/oracle_security/AdvancedSQLInjectionInOracleDatabases.zip



#XxXCrackers
  Reply With Quote

Old 02-08-2005, 08:12 AM   #2
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

Hmmmmm....This is interesting
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 02-08-2005, 08:40 AM   #3
maxman
Guest
 
Posts: n/a
Threads: 5107
Default

thanks freeswan for the injection :)
  Reply With Quote

Old 02-08-2005, 02:52 PM   #4
freeswan
Guest
 
Posts: n/a
Threads: 5107
Default

np ;)
  Reply With Quote

Old 02-08-2005, 09:44 PM   #5
ToRaZ
Special Friend
 
ToRaZ's Avatar
 
ToRaZ is offline Offline
Join Date: Jan 2005
Posts: 2,220
Threads: 259
ToRaZ is on a distinguished road
Default

very nice share :)
  Reply With Quote

Old 09-23-2005, 10:50 AM   #6
KevinAustin
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks freeswan for the information!!
  Reply With Quote

Old 10-29-2005, 06:08 AM   #7
figo07
Guest
 
Posts: n/a
Threads: 5107
Default

you're great! really appreciated!
  Reply With Quote

Old 02-07-2006, 05:55 AM   #8
Ncqr
Silver Exploiter
 
Ncqr's Avatar
 
Ncqr is offline Offline
Join Date: Jan 2006
Location: Australia
Posts: 487
Threads: 99
Ncqr is on a distinguished road
Default

Thanks for the info... very interesting

Cheers

Ncqr
  Reply With Quote

Old 02-07-2006, 09:35 AM   #9
security
Banned
 
security is offline Offline
Join Date: Jan 2006
Posts: 104
Threads: 7
security is on a distinguished road
Default

thanks freeswan for the injection :)
  Reply With Quote

Old 04-16-2006, 01:41 AM   #10
fbm2themex
Banned
 
fbm2themex is offline Offline
Join Date: Apr 2006
Posts: 347
Threads: 2
fbm2themex is on a distinguished road
Default

awsome stuff
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 08:46 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 © Copyright Xisp.org