Startseite
About
Impressum
Oracle vs Microsoft
Oracle vs. IBM
Oracle CPU October 2007 - 14 Bugs reported by RDS

Infos

Sie befinden sich aktuell in den Blog Blog-Archiven für den folgenden Tag 28 Mai 2007.

Calendar

Mai 2007
M	D	M	D	F	S	S
		Jun »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Kategorien

10.2.0.4 (1)
11g (3)
Allgemein (11)
BEA (1)
checkpwd (4)
CPUApr2008 (3)
CPUJan2008 (2)
CPUJul2007 (3)
CPUOct2007 (1)
Database Vault (1)
David Litchfield (4)
Exploit (4)
Forensics (3)
Inguma (2)
MacOS (1)
Mary Ann (1)
Oracle (2)
Oracle Security (46)
passwords (3)
Podcast (1)
rootkits (1)
Security (9)
Security Book (1)
Sentrigo (1)
software (2)
Source Code Analysis (1)
source code audit (3)
SQL Injection (4)
Trainings (1)

Letzte Einträge

9 Aug 2008: July 2008 CPU Advisory - Windows Patch update for Oracle 10.1.0.5
29 Jul 2008: Exploit for Oracle Bea Weblogic - Apache Connector published
8 Mai 2008: Checkpwd 1.23 for MacOS Intel native released
16 Apr 2008: Oracle CPU April 2008 - Update
15 Apr 2008: Oracle Critical Patch Update April 2008 is out
11 Apr 2008: Looking Glass and Oracle 11g
11 Apr 2008: Oracle Critical Patch Update Pre-Release Announcement - April 2008
4 Mrz 2008: We proudly present: Anna Marie Kornbrust
4 Mrz 2008: Corba Exploit for VisiBroker published
25 Feb 2008: Oracle Patchset 10.2.0.4 is out

Links

Blogs
Links

Archive für 28 Mai 2007

Oracle Security Riddle

28 Mai 2007 von Alexander Kornbrust.

During Oracle security audits we find from time to time the following (unsecure) code. Do you see the vulnerability and do you know how to exploit it?

Solution coming soon…
———-Code without exception handling—

FUNCTION CHGPWD (
P_USER VARCHAR2,
P_PWD VARCHAR2)
RETURN BOOLEAN IS

L_STMT VARCHAR2(255);

BEGIN

L_STMT:= ‘ALTER USER “‘ || P_USER || ‘” IDENTIFIED BY “‘ || P_PWD||’”‘;

EXECUTE IMMEDIATE L_STMT;

RETURN TRUE;

END;

Geschrieben in source code audit, Oracle Security | 1 Kommentar »

Blogs

Links

Archive für 28 Mai 2007

Oracle Security Riddle