Pete Finnigan's Oracle security weblog

Home » Archives » March 2007 » More Oracle exploits

More Oracle exploits

March 5th, 2007 by Pete

Post to del.icio.us Post to Furl mood: L

Andrea Purificato has a site called RawLAB that is quite useful. It has a good list of Oracle exploits written in Perl. These include the following exploits written to use cursor injection:

dbms_exp_extV2.pl
dbms_cdc_subscribeV2.pl
dbms_meta_get_ddlV2.pl
kupw-workerV2.pl
kupv-ft_attach_jobV2.pl

and those that use traditional PL/SQL injection:

dbms_cdc_subscribe.pl
dbms_meta_get_ddl.pl
kupw-worker.pl
kupv-ft_attach_job.pl
dbms_exp_ext.pl

Plus a couple of tools, the first to execute remote OS commands - ora_exec_cmd.pl and a tool to extract Oracle password hashes - get_oracle_hash.pl

nice site!


There are 34 visitors online
Services \| Portal \| White Papers \| Scripts \| Tools \| Newsletter \| Information \| Alerts \| Search \| Weblog / Forum \| What's New About Us Consulting Services Training Courses Oracle Security Research Database Policy Partners Products Careers Pete Finnigan Contact Details Events Oracle Security Database Security Database Software Security Web Development Programming Off Topic Oracle Security Oracle Security (Page 2) Others Ramblings Oracle Security Tips SQL and PL/SQL Unix Tools Audit Tools Default Password Checker Default Password List Oracle Security Scanner Subscribe Un-Subscribe Recent Newsletters Web Links Books Oracle Newsgroups Oracle Blogs Oracle news Feedback / Enquiries Guestbook Site Map Site Statistics WebLog Forum Security Issues Database What's New Register for Updates PeteFinnigan.com in the news