In the first week of January, Alexandr Polyakov from dsec.ru published 3 exploits on the dsec.ru website.
Alexandr has also published a really good whitepaper on how to guess the SID of Oracle databases. Some of the bugs (database control/database vault control) and techniques (like the concept of sidguessing) were first found / developed by Red-Database-Security.
The whitepaper describes:
- Getting the SID and Servicename
- Guessing the SID (default SID, typical SID, dictionary, brute force)
- Searching the SID (Database Control, XDB, …)
- Getting the SAP SID
- Getting the SID via SQL Injection
- Getting the SID via the target system (Registry, FTP, MSSQL, OS account)
- Getting the SID from the company network (Sniffing, another DB, …)