This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Hacking Oracle From Web

From OWASP
Revision as of 06:58, 24 July 2009 by Dhruvsoi (talk | contribs) (Created page with 'This talk will focus on exploiting SQL injections in web applications with oracle back-end. Mostly exploiting Oracle sql injections in web applications is considered to be restri…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This talk will focus on exploiting SQL injections in web applications with oracle back-end. Mostly exploiting Oracle sql injections in web applications is considered to be restricted to extraction of data only. Oracle database does not offer hacker friendly functionalities such as openrowset or xp_cmdshell for privilege escalation and O.S code execution. Further, as web API do not support execution of multiple query in single statement, the exploitation is further restricted.

The Talk will highlight attack vector to achieve privilege escalation (from Scott to SYS) and O.S code execution by exploiting Oracle SQL injections in web applications. The talk will then focus on hacking other Oracle components from web such as Oracle Application server, Oracle Secure Back-up etc. Further, there will be demo of how a worm could target an Oracle back-end just as it targeted the SQL server applications.

Retrieved from "https://wiki.owasp.org/index.php?title=Hacking_Oracle_From_Web&oldid=66481"