Advanced Exploitation of Oracle PL/SQL Flaws

Source: www.blackhat.com
Topic: Oracle Programming


Short Description:
NGS Consulting, Next Generation Security Software Ltd. What is PL/SQL? • Procedural Language / Structured Query Language • Oracle's extension to standard SQL. Programmable like T-SQL ...

 

Content Inside:
NGS Consulting, Next Generation Security Software Ltd.

Advanced Exploitation of Oracle PL/SQL Flaws
David Litchfield (davidl@ngssoftware.com)

Objectives
• Discuss current "threat landscape"
• Introduce a new class of vulnerability
• Introduce a new method of attack
• Show practical demonstrations
• Look at some defences

Agenda
• PL/SQL Risks
• SQL Injection
• "Dangling" Cursor Snarfing
• Cursor Injection
• Demonstrations
• Grant DBA Privileges
• Indirect Privilege Escalation

What is PL/SQL?
• Procedural Language / Structured Query Language
• Oracle's extension to standard SQL. Programmable like T-SQL in the Microsoft world.
• Used to create
  • Stored Procedures
  • Functions
  • Packages (collections of procedures and functions)
  • Triggers
  • Objects
• Extends functionality with External Procedures and Java

Privileges - Definer vs. Invoker rights
• PL/SQL executes with the privileges of the definer
• A procedure owned by SYS executes with SYS privileges
• AUTHID CURRENT_USER keyword
• PL/SQL created using the AUTHID CURRENT_USER keyword executes with the privileges of the invoker
• A procedure owned by SYS but called by SCOTT executes with the privileges of SCOTT
• Analogous to SUID programs in the *nix world.

Running SQL from PL/SQL
• EXECUTE IMMEDIATE …
• OPEN
• DBMS_SQL
• Key to Cursor Snarfing and Cursor Injection

DBMS_SQL
DECLARE MY_CURSOR NUMBER; MY_RESULT NUMBE ...

 
