Variation von GRANT DBA TO SCOTT

February 19th, 2007

Wieso IDS nur eine von mehreren Security-Massnahmen sein können: Interesting Payload to PLSQL exploit at Milw0rm von Paul Wright.

Instead of grant dba to scott the exploit payload inserts the values into sysauth$.
This will bypass many IDS signatures. David mentioned this to me quite a while ago and it is now public so better update those IDS rules.

Das Ganze anhand eines Exploits für Oracle 10g.

Related posts:

  1. Critical Patch Update January 2008 Pre-Release Announcement
  2. Ten Rules for Web Startups
  3. eBay replaces Greenplum with Teradata
  4. Shell Code
  5. BBED – Oracle Block Browser and EDitor: Kein Sicherheitsrisiko!
Posted by maol
Filed in Technology
No Comments »

Leave a Reply

Comments will be sent to the moderation queue.

Maximum 5 links per comment. Do not use BBCode.