Exploits for October 2008 CPU + whitepaper „Different ways to guess SIDs“ published

In the first week of January Alexandr Polyakov from dsec.ru has published 3 exploits on the website of dsec.ru.

Alexandr has published also a really good whitepaper how to guess the SID of Oracle databases. Some of the bugs (database control/database vault control) and techniques (like the concept sidguessing) were found / developed first by Red-Database-Security.

The whitepaper describes

  • Getting the SID and Servicename
  • Guessing the SID (default SID, typical SID, dictionary, Bruteforce)
  • Searching the SID (Database Control, XDB,…)
  • Getting the SAP SID
  • Getting the SID via SQL Injection
  • Getting the SID via the target system (Registry, FTP, MSSQL, OS account)
  • Getting the SID from the company network (Sniffing, another DB, …)

Leave a Reply

You must be logged in to post a comment.