New Oracle bugs and BSQL Hacker

Today I reported 6 new security vulnerabilities to Oracle (2 Data Vault, 2 Auditing, 1 Discoverer, 1 Password Verification Function). Even if Oracle Security is getting better (see also the discussion on Pete’s Blog), there are still enough bugs available.

Portcullis Labs released their free scanner BSQL Hacker for detecting blind SQL injection. BSQL Hacker supports Oracle, MSSQL and MySQL. At the moment I have no time to play with this tool any longer, but it looks promising (see video).

1 Response to “New Oracle bugs and BSQL Hacker”

  1. mh says:

    I know we never added Oracle modules, but have you ever checked out squeeza? http://www.sensepost.com/research/squeeza

    It does full binary-safe extraction via error messages, DNS and timing... and has a (we thought) fairly interesting accompanying paper.
