Infos

Sie befinden sich aktuell in den Alexander Kornbrust Oracle Security Blog Blog-Archiven für den folgenden Tag 28 Mai 2007.

Calendar

Mai 2007
M	D	M	D	F	S	S
		Jun »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Kategorien

11g (12)
Allgemein (29)
David Litchfield (7)
Exploit (23)
Forensics (7)
Oracle Security (105)
passwords (8)
Repscan (1)
Security (22)
Sentrigo (5)
software (9)
source code audit (5)
SQL Injection (24)
Tools (24)
Trainings (3)
Tutorial (2)

Letzte Einträge

Links

Oracle Security
- RDS-blog (german)
- Repscan
SQL Injection
- RDS Oracle Exploits
- SQL Injection Cheat Sheet

Archive für 28 Mai 2007

Oracle Security Riddle

28 Mai 2007 von Alexander Kornbrust.

During Oracle security audits we find from time to time the following (unsecure) code. Do you see the vulnerability and do you know how to exploit it?

Solution coming soon…
———-Code without exception handling—

FUNCTION CHGPWD (
P_USER VARCHAR2,
P_PWD VARCHAR2)
RETURN BOOLEAN IS

L_STMT VARCHAR2(255);

BEGIN

L_STMT:= ‘ALTER USER “‘ || P_USER || ‘” IDENTIFIED BY “‘ || P_PWD||’”‘;

EXECUTE IMMEDIATE L_STMT;

RETURN TRUE;

END;

Geschrieben in source code audit, Oracle Security | Drucken | 1 Kommentar »

Oracle Security

SQL Injection

Archive für 28 Mai 2007

Oracle Security Riddle