QUOTE(forza @ Feb 7 2005, 11:19 AM)
This presentation is about new ways to exploit SQL Injection vulnerabilities in Oracle Databases. It shows, with working examples, many ways in that the Oracle database security could be bypassed and how to protect from these threats.
hxxp://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php
This is good stuff, including some working exploits:
BufferOverflowExploit_CreatingSYSDBAUser.sql
BufferOverflowExploit_GettingOSAdmin.sql
BufferOverflowExploit_SDO_CODE_SIZE_10g.sql
SQLInjectionBecomingSYS.sql
SQLInjectionExecutingOSCommand.sql
SQLInjectionLimitation.sql
SQLInjectionUploadingAFile.sql
SQLInjectionVulCurUsr.sql
BTW - Check out the Oracle / DB2 tools from Johnny Cyberpunk
A small database fingerprinting toolset for db2 and oracle.
QUOTE
the tools in this package can help a pentester or admin to fingerprint
remote db2 and oracle servers for their version/os etc.
THCORAVER gives to following output:
-----------------------------------------------
THCoraver v0.1 - Oracle Version Fingerprinter
coding jcyberpunk@thc.org
-----------------------------------------------
Query for : 10.65.101.60 in progress...pleaze wait!
TNSLSNR for Solaris: Version 9.2.0.4.0 - Production
TNS for Solaris: Version 9.2.0.4.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version 9.2.0.4.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 9.2.0.4.0 - Production
TCP/IP NT Protocol Adapter for Solaris: Version 9.2.0.4.0 - Production
hxxp://thc.org/root/tools/THCDBFP.zip
