Oracle PL/SQL Injection

Source: www.blackhat.com
Topic: Oracle Programming


Content Inside:
NGS Consulting Next Generation Security Software Ltd.

Oracle PL/SQL Injection
David Litchfield

What is PL/SQL?
• Procedural Language / Structured Query Language
• Oracle's extension to standard SQL. Programmable like T-SQL in the Microsoft world.
• Used to create
  • Stored Procedures
  • Functions
  • Packages (collections of procedures and functions)
  • Triggers
  • Objects
• Extends functionality with External Procedures

Privileges - Definer vs. Invoker rights
• PL/SQL executes with the privileges of the definer
  • A procedure owned by SYS executes with SYS privileges
• AUTHID CURRENT_USER keyword
  • PL/SQL created using the AUTHID CURRENT_USER keyword executes with the privileges of the invoker
  • A procedure owned by SYS but called by SCOTT executes with the privileges of SCOTT
• Definer rights are analogous to suid programs in the *nix world.

PL/SQL over the Web
• Oracle Application Server / Web Portal
• http://server/pls/dad/pkg.proc?p_in=foobar
• Acts as a proxy: it passes the request to the database server, and the PL/SQL executes inside the database server, not the front end.

PL/SQL Injection
• SELECT statements
• DML - UPDATE, DELETE, INSERT
• Anonymous PL/SQL Blocks in Procedures

PL/SQL SELECT Example

    CREATE OR REPLACE PROCEDURE LIST_LIBRARIES(P_OWNER VARCHAR2) AS
      TYPE C_TYPE IS REF CURSOR;
      CV C_TYPE;
      BUFFER VARCHAR2(200);
    BEGIN
      DBMS_OUTPUT.ENABLE(1000000);
      -- P_OWNER is concatenated straight into the query text
      OPEN CV FOR 'SELECT OBJECT_NAME FROM ALL_OBJECTS WHERE OWNER = '''
        || P_OWNER || ''' AND OBJECT_TYPE=''LIBRARY''';
      LOOP
        FE ...
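A hardened counterpart to the LIST_LIBRARIES excerpt above, as an added example that is not part of the original slides: it combines the AUTHID CURRENT_USER keyword from the privileges slide with a bind variable in place of string concatenation, then shows a review query for definer-rights code that builds SQL dynamically. The names LIST_LIBRARIES_SAFE and APP_OWNER are hypothetical, and SET SERVEROUTPUT and EXEC assume a SQL*Plus session.

```sql
-- Added example, not from the slides. LIST_LIBRARIES_SAFE is a hypothetical name.
-- 1) Invoker rights: the body runs with the caller's privileges, not the owner's.
-- 2) Bind variable: P_OWNER is passed as data and is never parsed as SQL text.
CREATE OR REPLACE PROCEDURE LIST_LIBRARIES_SAFE(P_OWNER IN VARCHAR2)
AUTHID CURRENT_USER
AS
  TYPE C_TYPE IS REF CURSOR;
  CV     C_TYPE;
  BUFFER VARCHAR2(200);
BEGIN
  DBMS_OUTPUT.ENABLE(1000000);
  OPEN CV FOR
    'SELECT OBJECT_NAME FROM ALL_OBJECTS '
    || 'WHERE OWNER = :owner AND OBJECT_TYPE = ''LIBRARY'''
    USING P_OWNER;
  LOOP
    FETCH CV INTO BUFFER;
    EXIT WHEN CV%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE(BUFFER);
  END LOOP;
  CLOSE CV;
END;
/

-- Constructed input containing quotes: it is compared literally against OWNER,
-- so the call lists nothing and the query's WHERE clause is unchanged.
SET SERVEROUTPUT ON
EXEC LIST_LIBRARIES_SAFE('SYS'' OR ''1''=''1');

-- Review aid: definer-rights units in a schema whose source uses dynamic SQL.
-- APP_OWNER is a hypothetical schema name; needs SELECT on the DBA_* views.
SELECT DISTINCT p.owner, p.object_name, p.object_type
  FROM dba_procedures p
 WHERE p.authid = 'DEFINER'
   AND p.owner  = 'APP_OWNER'
   AND EXISTS (SELECT 1
                 FROM dba_source s
                WHERE s.owner = p.owner
                  AND s.name  = p.object_name
                  AND (UPPER(s.text) LIKE '%EXECUTE IMMEDIATE%'
                       OR UPPER(s.text) LIKE '%DBMS_SQL%'
                       OR UPPER(s.text) LIKE '%OPEN%FOR%'));
```

The review query is a text heuristic: it does not see wrapped source, and each hit still needs a manual check of whether parameters are concatenated or bound.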

 
