Oracle PL/SQL Injection

Source: www.blackhat.com
Topic: Oracle Programming


Content Inside:
Oracle PL/SQL Injection
David Litchfield
NGS Consulting, Next Generation Security Software Ltd.

What is PL/SQL?
• Procedural Language / Structured Query Language
• Oracle's extension to standard SQL. Programmable like T-SQL in the Microsoft world.
• Used to create
  • Stored Procedures
  • Functions
  • Packages (collections of procedures and functions)
  • Triggers
  • Objects
• Extends functionality with External Procedures

Privileges - Definer vs. Invoker rights
• PL/SQL executes with the privileges of the definer
  • A procedure owned by SYS executes with SYS privileges
• AUTHID CURRENT_USER keyword
  • PL/SQL created using the AUTHID CURRENT_USER keyword executes with the privileges of the invoker
  • A procedure owned by SYS but called by SCOTT executes with the privileges of SCOTT
• Analogous to Suid programs in the *nix world.

PL/SQL over the Web
• Oracle Application Server / Web Portal
• http://server/pls/dad/pkg.proc?p_in=foobar
• Acts as a proxy, passes request to the database server and the PL/SQL executes inside the database server - not the front end.

PL/SQL Injection
• SELECT statements
• DML - UPDATE, DELETE, INSERT
• Anonymous PL/SQL Blocks in Procedures

PL/SQL SELECT Example

    CREATE OR REPLACE PROCEDURE LIST_LIBRARIES(P_OWNER VARCHAR2) AS
      TYPE C_TYPE IS REF CURSOR;
      CV C_TYPE;
      BUFFER VARCHAR2(200);
    BEGIN
      DBMS_OUTPUT.ENABLE(1000000);
      -- P_OWNER is concatenated directly into the query text
      OPEN CV FOR 'SELECT OBJECT_NAME FROM ALL_OBJECTS WHERE OWNER = ''' || P_OWNER || ''' AND OBJECT_TYPE=''LIBRARY''';
      LOOP
        FE ...

 
