Sie befinden sich in den Archiven der Kategorie Security.
| M | D | M | D | F | S | S |
|---|---|---|---|---|---|---|
| « Aug | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
- 11g (11)
- Allgemein (29)
- David Litchfield (7)
- Exploit (21)
- Forensics (5)
- Oracle Security (95)
- passwords (8)
- Repscan (1)
- Security (21)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (2)
- Tutorial (2)
- 5 Aug 2010: Oracle Presentations from Blackhat 2010 Las Vegas are online
- 18 Apr 2010: Blackhat 2010 Presentation "Oracle, Interrupted: Stealing Sessions and Credentials" online
- 15 Apr 2010: New fast Oracle DES password cracker OPS_SSE2
- 14 Apr 2010: Oracle 11g R2 client trojan warning from Antivir
- 13 Apr 2010: Python Source for PLSQL Unwrapper posted
- 13 Apr 2010: Oracle CPU April 2010 is out
- 13 Apr 2010: Improve Oracle TDE with Intel AES-NI
- 12 Apr 2010: Man-in-the-Middle attacks at upcoming Black Hat Europe
- 9 Apr 2010: Oracle CPU April 2010 - Prerelease
- 8 Apr 2010: Cool Web Application Scanner: Netsparker Community Edition
Oracle Security
SQL Injection
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Archiv der Kategorie Security
Cool Web Application Scanner: Netsparker Community Edition
8 Apr 2010 von Alexander Kornbrust.
Today I want to present the Netsparker Community Edition.
Netsparker (from Mavituna Security) is the best web application scanner I know. Easy to use and a really good web application scanning results. It saved me a lot of time and helped me to find security bugs in Oracle applications (Enterprise Manager).
The best thing: The new community edition is free (OK, with some limitations).
The commercial versions have even more interesting features like Time Based Blind SQL Injection, Remote Code Injection, OS Level Command Injection , CRLF / HTTP Header Injection / Response Splitting, …. The entire feature (and price) list is available here.
Here is a screenshot from Netsparker:
If you are interested just download the community edition.
Geschrieben in software, Security, Allgemein | Drucken | Keine Kommentare »
Oracle 11.2.0.1 for Windows - dbms_jvm_exp_perms 0day fixed
6 Apr 2010 von Alexander Kornbrust.
This weekend I installed the new version of Oracle 11.2.0.1 (64 bit) for Windows. The 11.2 version for Windows is available since a few days.
I installed the 64 bit version (default installation (next - next - …)) without any problems on Windows 7 system. After that I run a default check with our database scanner Repscan 3 (the most advanced database scanner) against this new database version. According to Repscan this new 11.2.0.1 is no longer vulnerable against the DBMS_JVM_EXP_PERMS exploit and this is correct. Oracle has already fixed the problem. I expect a solution in the upcoming Oracle CPU April 2010.
A quick check in the Repscan database browser shows the difference in the privileges:
11.2.0.1.0 Linux:

11.2.0.1.0 Windows:

Oracle removed the public privilege from DBMS_JVM_EXP_PERMS and granted privileges to the roles “IMP_FULL_DATABASE” and “DATAPUMP_EXP_FULL_DATABASE”. The privileges of DBMS_JAVA and DBMS_JAVA_TEST are not modified.
The package DBMS_JVM_EXP_PERMS contains also a bug fix. A comparision between the Windows and Linux version shows the following differencein the package body.
— DBMS_JVM_EXP_PERMS (only in 11.2.0.1 Windows) ——————
[…]
– Check privs
sys.dbms_zhelp_ir.check_sys_priv(DBMS_ZHELP_IR.KZSSTA);
[…]
— DBMS_JVM_EXP_PERMS ——————
After that I analyzed the Oracle database with the Repscan database browser (really useful component, just try the trial version of Repscan) found a few suspicous audit entries in my audit log (sys.aud$).
A user AIME from the terminal “ST-ADC\DADVFH0169″ had a connection to my database?I know that the terminal “ST-ADC\DADVFH0169″ is a terminal somewhere from Oracle. A backdoor in 11.2.0.1? Someone from Oracle was accessing my database?
No. After I checked the timestamp I saw that this entry was created 2 days BEFORE I installed my database. Oracle only forgot to cleanup the audit log before delivering it to customers. If you install Oracle 11.2.0.1 you should truncate the SYS.AUD$ table to avoid questions from (internal/external) auditors.
Geschrieben in Repscan, 11g, Security | Drucken | Keine Kommentare »
Microsoft fixed null pointer IE6/IE7 bug (CVE-2010-0490)
30 Mrz 2010 von Alexander Kornbrust.
Microsoft released a patch for CVE-2010-0490. More than 1 year ago I reported this issue to Microsoft.
Finally they fixed the problem.
Bug History:
5-February-2009 - Bug reported to Microsoft Security Response Center
30-March-2010 - Patch for CVE-2010-0490 released
Geschrieben in Security | Drucken | Keine Kommentare »
New Repscan 3.0 is available
23 Feb 2010 von Alexander Kornbrust.
The latest version 3.0 of our database scanner Repscan is now available. This new version supports MS SQL Server and Oracle databases. Repscan comes with a large amount of new features and a complete new GUI (First database scanner with Office-2007 UI).
Here some of the new features of Repscan 3.0:
- Support for MS SQL Server (2000, 2005, 2008)
- Extremely user-friendly database configuration wizard (screenshot)
- Flexible tree control (re-group databases by status, hierarchy, …) (screenshot)
- Database security browser with drill down functionality (PDF, XLS, … export) (screenshot, screenshot)
- New reports (performance, used_features, …)
- Data Discovery (SSN, PII, Creditcard, Passwords, …)
- Database Enumeration (custom, NMap support) (screenshot)
- Pentest Features (Guess SID, Check default username/password combinations, …)
- Exploit & Code Library (screenshot)
- Version and Patch Information
- Skins
Here some (old) features of Repscan:
- Password plugin architecture
- Password plugins for Oracle DES, SHA1, OID, APEX, OVS
- Commandline features
- PL/SQL Source Code Analysis Report
Here some statements of Repscan 3.0 users:
“Repscan Rocks”, “I must have this tool.”, “Very cool stuff”, “really like the clean interface… checks are great”, “…tend to be more Oracle security information hub than just scanner :-)”
Over the next few weeks I will show here more details of some Repscan 3.0 features.
If you want to test Repscan 3.0 you can download it from our exclusive distributor Sentrigo
Geschrieben in software, Tools, source code audit, Security, Oracle Security, Allgemein | Drucken | Keine Kommentare »
Really good whitepaper about “Hacking Oracle from the Web”
22 Feb 2010 von Alexander Kornbrust.
Sumit Siddarth (Sid) has just published a really good whitepaper about “Hacking Oracle from the Web“.This is the most comprehensive published collection of different techniques for attacking Oracle from the web. Sid spent a lot of time composing the different techniques mentioned in various presentations and whitepapers.
Sid describes various techniques like data extraction (inband techniques like union or error messages, out-of-band techniques like heavy queries, blind, …), privilege escalation (sys.kupp$proc, dbms_repcat_rpc and dbms_export_extension) and OS code execution.
Well done Sid.
Geschrieben in Exploit, SQL Injection, Security | Drucken | Keine Kommentare »


