Mike Smithers, a former colleague, maintains a nice blog called „The Anti-Kyte„. He wrote a really interesting article „Self-Inflicted SQL Injection dont quote me !“ about SQL Injection in Oracle.
Well written Mike.
Mike Smithers, a former colleague, maintains a nice blog called „The Anti-Kyte„. He wrote a really interesting article „Self-Inflicted SQL Injection dont quote me !“ about SQL Injection in Oracle.
Well written Mike.
Blackhat removed the video from David Litchfield (containing the 0day exploit code for 11g) from their website. But it’s too late because the 0day code for 11g can be found in the meantime in many places.
The video was downloaded several times and it’s just a question of time until it re-appears…
BTW Oracle 10.2.0.4 with all security patches is vulnerable against this issue too. But the exploit must be modified a little bit.
I came across an interesting article in the German newspaper FAZ. Someone is offering data of 1500 Swiss bank customers (with black money) to the German government for 2.5 Million EURO. A quick check of the tax fraud investigators showed that the data is reliable.
The Return on Invest (ROI) is approx. 100 Mill EUR for the German government (4% for the data thief). Our minister of finance is still thinking if he should make this deal. This would be good for the German government (more money, less taxes for Germans) but bad for the Swiss banking industry.
Shaomin Wang from Oracle has posted an interesting blog entry „How Oracle controls access to security vulnerabilities„. There are 3 different access types: Default Access, Global Access and Hierarchical Access.
Depending from the role inside of Oracle (e.g. Global Product Security staff, normal employees or their managers) people have the right to view an individual security bug or all security bugs.
This is a big improvement comparing to the time when I was an Oracle employee several years ago. At that time everybody inside of Oracle had access to security bug information.
The only problem nowadays are security bugs which are not marked as security bugs because Oracle support employees are not aware of the security impact of a normal bug. These bugs are often accessible via MyOracleSupport even for Oracle customers.
Metasploit 3.3, the leading exploit framework is out. Here an extract from the Metasploit blog:
„Oracle exploit support has been implemented through a tag-team effort between MC and Chris Gates, with assistance from Alexander Kornbrust. Oracle modules have been developed for exploiting TNS protocol stack and Web-based Oracle services, as well as post-authentication database-level privilege escalation flaws. “
Version 3.3. (release notes) is the largest known ruby application (375,000 lines of code) and comes with some new Oracle features
Have fun using Metasploit.