- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -

Defcon Presentation about an Oracle Worm, oap_hacker and bsqlbf

Posted by Alexander Kornbrust on 5 Aug 2009 @ 06:19 in Exploit, SQL Injection, Oracle Security | Comments disabled

Sumit Siddharth has published his Defcon presentation, “[1] The Making of Second SQL Injection Worm (Oracle Edition)”.

Sumit describes the differences between SQL Injection and PL/SQL Injection and presents his tool “[2] oap_hacker.pl”, which allows running OS commands via Java. oap_hacker.pl and [3] Bsqlbf v.2.3 use a PL/SQL Injection bug in dbms_export_extension (the [4] old one, not the [5] new one that was fixed with the CPU July 2009).

BTW, the (underground) tool [6] darkORASQLi.py, which dumps data from Oracle databases, also uses the dbms_export_extension vulnerability to run OS commands.

A demo of his Oracle worm ora_w0rm.pl is available on [7] YouTube.

Here are some screenshots showing how a client PC that accesses a worm-infected Oracle system is taken over:

[8] Oracle Worm 1

[9] Oracle Worm 2

[10] Oracle Worm 3

[11] Oracle Worm 4

Very interesting work. Thanks Sumit for this presentation.


This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL to article: http://blog.red-database-security.com/2009/08/05/defcon-presentation-about-an-oracle-worm-oap_hacker-and-bsqlbf/

URLs in this post:
[1] The Making of Second SQL Injection Worm (Oracle Edition): http://s3.amazonaws.com/ppt-download/defconsidrev3-090804071431-phpapp01.pdf?Signature=dB706f%2FyDFk%2FJ78nCnhXyckxwGk%3D&Expires=1249425268&AWSAccessKeyId=1Z5T9H8PQ39V6F79V8G2
[2] oap_hacker.pl: http://www.notsosecure.com/folder2/oap_hacker.pl
[3] Bsqlbf: http://code.google.com/p/bsqlbf-v2/
[4] old: http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html
[5] new: http://www.red-database-security.com/advisory/oracle_plsql_injection_dbms_export_extension.html
[6] darkORASQLi.py: http://forum.darkc0de.com/index.php?action=vthread&forum=8&topic=11271&page=0#msg79385
[7] YouTube: http://www.youtube.com/v/asrdtxLWlYE&color1=0xb1b1b1&color2=0xcfcfcf&hl=en&feature=player_embedded&fs=1

[8] Image: http://www.red-database-security.com/pictures/oraworm1.png
[9] Image: http://www.red-database-security.com/pictures/oraworm2.png
[10] Image: http://www.red-database-security.com/pictures/oraworm3.png
[11] Image: http://www.red-database-security.com/pictures/oraworm4.png
