David has an interesting new paper that shows how PL/SQL injection techniques now require only the CREATE SESSION privilege. Get it here: http://www.databasesecurity.com/dbsec/cursor-injection.pdf
I am now blogging from www.oracleforensics.com which accompanies my new book that is now completed.
http://www.rampant-books.com/book_2007_1_oracle_forensics.htm
All future entries will be made at that URL.
Monday, 26 February 2007
Sunday, 18 February 2007
Interesting Payload to PLSQL exploit at Milw0rm
Interesting exploit payload below.
http://www.milw0rm.com/exploits/3177
——————————–
v_commands := 'insert into sys.sysauth$ ' ||
' values' ||
'(' || v_user_id || ',4,' ||
'999,null)';
——————————-
Instead of issuing GRANT DBA TO SCOTT, the exploit payload inserts the values directly into sys.sysauth$.
This will bypass many IDS signatures. David mentioned this to me quite a while ago and it is now public, so better update those IDS rules.
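An IDS-side check for the point above, as an added example (not code from this post or from the Milw0rm exploit): it normalises captured SQL text and flags direct DML on SYS.SYSAUTH$ alongside the usual GRANT DBA pattern. The rule names, the watched-table list and the sample statements are assumptions constructed for illustration.

```python
import re

# Tables whose direct modification changes role membership. sysauth$ is the
# one named in the post; the tuple is an assumption meant to be extended.
WATCHED_TABLES = ("sysauth$",)

_COMMENTS = re.compile(r"/\*.*?\*/|--[^\n]*", re.S)
_CONCAT = re.compile(r"'\s*\|\|\s*'")   # 'abc' || 'def'  ->  'abcdef'

def normalize(sql):
    """Drop comments, join adjacent string literals, remove double quotes,
    lower-case and collapse whitespace so one pattern covers many spellings."""
    sql = _COMMENTS.sub(" ", sql)
    sql = _CONCAT.sub("", sql)
    sql = sql.replace('"', "").lower()
    return re.sub(r"\s+", " ", sql).strip()

_TABLES = "|".join(re.escape(t) for t in WATCHED_TABLES)
RULES = {
    # The signature most rule sets already carry.
    "grant-dba": re.compile(r"\bgrant\b[^;]*\bdba\b[^;]*\bto\b"),
    # The gap described in the post: a write to the privilege table itself.
    "dml-on-privilege-table": re.compile(
        rf"\b(?:insert into|update|delete(?: from)?|merge into)\s+"
        rf"(?:sys\s*\.\s*)?(?:{_TABLES})(?![\w$#])"),
}

def classify(sql):
    """Return the sorted names of all rules that match the statement text."""
    text = normalize(sql)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# The payload fragment quoted in the post, kept as concatenated PL/SQL text.
PAGE_PAYLOAD = """v_commands := 'insert into sys.sysauth$ ' ||
' values' ||
'(' || v_user_id || ',4,' ||
'999,null)';"""

# Constructed sample statements (not taken from any real capture).
SAMPLES = [
    "GRANT DBA TO SCOTT",
    PAGE_PAYLOAD,
    "Insert  INTO\n SYS . SysAuth$ values (57,4,999,null)",
    "select grantee#, privilege# from sys.sysauth$",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s) or ["no-match"], "<-", normalize(s)[:60])
```

Reads of sysauth$ are deliberately not flagged; only statements that modify it are.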