Advanced Exploitation of Oracle PL/SQL Flaws

Source: www.blackhat.com
Topic: Oracle Programming


Short Description:
NGS Consulting Next Generation Security Software Ltd. What is PL/SQL? • Procedural Language / Structured Query Language • Oracle's extension to standard SQL. Programmable like T-SQL ...

 

Content Inside:
NGS Consulting Next Generation Security Software Ltd.

Advanced Exploitation of Oracle PL/SQL Flaws
David Litchfield (davidl@ngssoftware.com)

Objectives
• Discuss current "threat landscape"
• Introduce a new class of vulnerability
• Introduce a new method of attack
• Show practical demonstrations
• Look at some defences

Agenda
• PL/SQL Risks
• SQL Injection
• "Dangling" Cursor Snarfing
• Cursor Injection
• Demonstrations
• Grant DBA Privileges
• Indirect Privilege Escalation

What is PL/SQL?
• Procedural Language / Structured Query Language
• Oracle's extension to standard SQL. Programmable like T-SQL in the Microsoft world.
• Used to create
  • Stored Procedures
  • Functions
  • Packages (collections of procedures and functions)
  • Triggers
  • Objects
• Extends functionality with External Procedures and Java

Privileges - Definer vs. Invoker rights
• PL/SQL executes with the privileges of the definer
  • A procedure owned by SYS executes with SYS privileges
• AUTHID CURRENT_USER keyword
  • PL/SQL created using the AUTHID CURRENT_USER keyword executes with the privileges of the invoker
  • A procedure owned by SYS but called by SCOTT executes with the privileges of SCOTT
• Analogous to Suid programs in the *nix world.

Running SQL from PL/SQL
• EXECUTE IMMEDIATE …
• OPEN
• DBMS_SQL
  • Key to Cursor Snarfing and Cursor Injection

DBMS_SQL
DECLARE
MY_CURSOR NUMBER;
MY_RESULT NUMBE ...

