   Pete Finnigan's Oracle Security Forum
   Who wrote the P-O-C Worm?
isaez
« on: Nov 25th, 2005, 11:18am »
Hi,
 
Do we know who wrote the proof-of-concept worm?
The chance the author posted code in the past is high (IMHO). And chances are high that that code/those questions are stored in Google. And because I'm very curious about who the author of the worm is (just curiosity), I'm looking at the code to see if I can find any clue about the author. I started looking for spelling errors in the comments, e.g. adress instead of address, to see if I can find similar errors in Google. People tend to make the same spelling errors. I did not find any errors (more comments next time please :) ). Next I looked at the variables to see if I can discover the author's language. People tend to use their own language to name variables. No luck. Then I looked at the variables. People tend to use the same variable names in their programs. I looked in Google to see if I could find hits with the same variable names. Variable names like ret_val, i1, i2, i4, etc. No luck. It seems that the author took care not to reveal his/her identity. He/she used unique variable names.
The most promising search is: ret_val "exit when"
I'll keep searching :)
 
Ivan

regards,

Ivan
gamyers
« Reply #1 on: Nov 28th, 2005, 2:53am »
The most surprising bit for me was the use of the older style DBMS_SQL rather than EXECUTE IMMEDIATE (available in 8i onwards).
EXECUTE IMMEDIATE is a lot simpler. DBMS_SQL has two advantages though. Firstly, and the main one for general applications, is that the same cursor can be re-opened, which saves on a parse. Secondly, DBMS_SQL can be invoked over a DB link (i.e. a session on database A can use DBMS_SQL on database B, given a database link with the right grants) to run anonymous PL/SQL on the remote database.
It makes me wonder if the reason EXECUTE IMMEDIATE wasn't used is that this was based on another Oracle hack which required that functionality (e.g. to act as some DoS CPU hog).
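
Added example, not part of the original posts: a defender's check for the condition described in the reply above (a database link with the right grants plus DBMS_SQL), written against the standard DBA_DB_LINKS, DBA_TAB_PRIVS and DBA_SOURCE dictionary views. It assumes an account that can read the DBA_* views; `some_link` in the comment is a hypothetical link name.

```sql
-- Added audit example (not from the thread). Run as a user who can read DBA_* views.

-- 1. Database links defined here, and the remote account each one connects as.
--    Every row is a path along which a local session can act on another database.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY owner, db_link;

-- 2. Who holds EXECUTE on SYS.DBMS_SQL in this database.
--    A row with GRANTEE = 'PUBLIC' means every account, including the account
--    that incoming database links connect as, can call the package.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_SQL'
ORDER  BY grantee;

-- 3. Stored code that calls DBMS_SQL through a link,
--    e.g. DBMS_SQL.PARSE@some_link (some_link is a hypothetical name).
--    POSIX character classes are used so the pattern does not depend on
--    Perl-style regex extensions being available.
SELECT owner, name, type, line, TRIM(text) AS source_line
FROM   dba_source
WHERE  REGEXP_LIKE(
         text,
         'dbms_sql[[:space:]]*\.[[:space:]]*[[:alnum:]_]+[[:space:]]*@',
         'i')
ORDER  BY owner, name, line;
```

Query 3 only sees stored, unwrapped source where the call sits on one line; anonymous blocks and calls assembled in dynamic strings do not appear in DBA_SOURCE, so the link and grant inventory from queries 1 and 2 remains the primary control.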
 