#!/usr/bin/ksh # # detect.ksh # Pete Finnigan # 16-Jun-2003 # # Example code for an article for www.securityfocus.com called "detecting # SQL injection in Oracle" by Pete Finnigan (pete@petefinnigan.com) # website http://www.petefinnigan.com # # # use snoop to grab network packets from a client SQL*Plus connection # NOTE:- change jupiter to your onw hostname and 1521 to the port # the Oracle listener is listening on snoop -t a -x 0 jupiter and port 1521 | strings # # add the followng lines to the sqlnet.ora file change the name and # location to suit your own requirements # echo "TRACE_FILE_SERVER=pf_trace.trc" >> $ORACLE_HOME/network/admin/sqlnet.ora echo "TRACE_DIRECTORY_SERVER=/tmp" >> $ORACLE_HOME/network/admin/sqlnet.ora echo "TRACE_LEVEL_SERVER=SUPPORT" >> $ORACLE_HOME/network/admin/sqlnet.ora # run the following from a clinet SQL*Plus session # # exec get_cust('x'' union select username from all_users where ''x''=''x');