- 11g (11)
- Allgemein (29)
- David Litchfield (7)
- Exploit (21)
- Forensics (5)
- Oracle Security (95)
- passwords (8)
- Repscan (1)
- Security (21)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (2)
- Tutorial (2)
- 5 Aug 2010: Oracle Presentations from Blackhat 2010 Las Vegas are online
- 18 Apr 2010: Blackhat 2010 Presentation "Oracle, Interrupted: Stealing Sessions and Credentials" online
- 15 Apr 2010: New fast Oracle DES password cracker OPS_SSE2
- 14 Apr 2010: Oracle 11g R2 client trojan warning from Antivir
- 13 Apr 2010: Python Source for PLSQL Unwrapper posted
- 13 Apr 2010: Oracle CPU April 2010 is out
- 13 Apr 2010: Improve Oracle TDE with Intel AES-NI
- 12 Apr 2010: Man-in-the-Middle attacks at upcoming Black Hat Europe
- 9 Apr 2010: Oracle CPU April 2010 - Prerelease
- 8 Apr 2010: Cool Web Application Scanner: Netsparker Community Edition
Oracle Security
SQL Injection
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Running Inguma PL/SQL Fuzzer against 10.2.0.3 with October 2007 CPU
Today I modified the Inguma PL/SQL Fuzzer a little bit (adding my own enhancements) and run it against 10.2.0.3 with Oracle Critical Patch Update (CPU) October 2007 applied. After running it for a while (without a database crash) Oracle reported the following errors messages in trace files:
—–
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kghuclientasp+118] [PC:0×603D67AE] [ADDR:0×9253768] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kxsdcbc+205] [PC:0×8A7911] [ADDR:0×18] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kxsdcbc+123] [PC:0×8A78BF] [ADDR:0×18] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_qmuhshget_internal+228] [PC:0×605738A8] [ADDR:0×6474636B] [UNABLE_TO_READ] []
ORA-00600: internal error code, arguments: [kohcpi298], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [KGHALO2], [0×0], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [qmsVarrayElemtds:pd or extra tmx], [], [], [], [], [], [], []
oracle.jdbc.driver.OracleSQLException: ORA-00933: SQL command not properly ended
oracle.jdbc.driver.OracleSQLException: ORA-01742: comment not terminated properly
oracle.jdbc.driver.OracleSQLException: ORA-01756: quoted string not properly terminated
——-
Some of the error messages are indication (just indication) for SQL Injection and buffer overflows. I will investigate…
Antwort schreiben
Sie müssen als angemeldet sein, um einen Kommentar schreiben zu können.