Three Tier Oracle Security in London ~ Paul M. Wright

ORACLE SECURITY AND COMPUTER FORENSICS

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 
«
»

Searching extended audit using case insensitive search

An IDS evading attack:

SQL> SELECT paSsWOrd, username from DBA_USERS where username = (chr(83)|| chr(89)||chr(83));

PASSWORD                       USERNAME
—————————— ——————————
0C15939594CE60D2               SYS

DB Extended audit will record the text of the attack in the extra column called SQLTEXT which is a CLOB.

This is a query that can be used to search it in a case agnostic manner.

select auditid, sqltext from sys.aud$ where TO_CHAR(upper(sqltext)) like ‘%PASSWORD%’;

March 20th, 2007 | Category: Uncategorized | Subscribe to comments | You can skip to the end and leave a response. Pinging is currently not allowed

Leave a Reply

You must be logged in to post a comment.