Archive for the ‘Allgemein’ Category

Interesting Article about SQL Injection in Oracle by Mike Smithers

Montag, Februar 15th, 2010

Mike Smithers, a former colleague, maintains a nice blog called „The Anti-Kyte„. He wrote a really interesting article „Self-Inflicted SQL Injection – don’t quote me !“ about SQL Injection in Oracle.

Well written Mike.

Oracle Blackhat video removed from Website

Freitag, Februar 5th, 2010

Blackhat removed the video from David Litchfield (containing the 0day exploit code for 11g) from their website. But it’s too late because the 0day code for 11g can be found in the meantime in many places.

The video was downloaded several times and it’s just a question of time until it re-appears…

BTW Oracle 10.2.0.4 with all security patches is vulnerable against this issue too. But the exploit must be modified a little bit.

Selling stolen bank data to the government for 2.5 Million EUR?

Samstag, Januar 30th, 2010

I came across an interesting article in the German newspaper FAZ. Someone is offering data of 1500 Swiss bank customers (with black money) to the German government for 2.5 Million EURO. A quick check of the tax fraud investigators showed that the data is reliable.

The Return on Invest (ROI) is approx. 100 Mill EUR for the German government (4% for the data thief). Our minister of finance is still thinking if he should make this deal. This would be good for the German government (more money, less taxes for Germans) but bad for the Swiss banking industry.

How Oracle controls access to security vulnerabilities

Mittwoch, November 25th, 2009

Shaomin Wang from Oracle has posted an interesting blog entry „How Oracle controls access to security vulnerabilities„. There are 3 different access types: Default Access, Global Access and Hierarchical Access.

Depending from the role inside of Oracle (e.g. Global Product Security staff, normal employees or their managers) people have the right to view an individual security bug or all security bugs.

This is a big improvement comparing to the time when I was an Oracle employee several years ago. At that time everybody inside of Oracle had access to security bug information.

The only problem nowadays are security bugs which are not marked as security bugs because Oracle support employees are not aware of the security impact of a normal bug. These bugs are often accessible via MyOracleSupport even for Oracle customers.

Metasploit 3.3 is out

Dienstag, November 17th, 2009

Metasploit 3.3, the leading exploit framework is out. Here an extract from the Metasploit blog:

Oracle exploit support has been implemented through a tag-team effort between MC and Chris Gates, with assistance from Alexander Kornbrust. Oracle modules have been developed for exploiting TNS protocol stack and Web-based Oracle services, as well as post-authentication database-level privilege escalation flaws.

Version 3.3. (release notes) is the largest known ruby application (375,000 lines of code) and comes with some new Oracle features

  • Support for the Oracle InstantClient Ruby driver as an exploit mixin
  • Extensive support for exploitation and post-exploitation tasks against Oracle databases

Have fun using Metasploit.