Description: https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/New_and_Improved_Hacking_Oracle_from_Web
There are a number of attacks against the Oracle database, and in almost every other CPU there is a shiny new exploit which allows a malicious database user to gain DBA privileges on the back-end database. Exploiting things over web apps via a SQL injection vulnerability is not quite the same, due to restrictions posed by the database. In 2010, I showed a few attack vectors which can be used, depending upon what privileges the database user has, to carry out advanced exploitation. Examples of advanced exploitation include privilege escalation attacks and OS code execution against the back-end database. This talk will show new attack vectors which will allow an attacker to carry out any old/new exploit against the Oracle database via web apps. Unlike previous attack vectors, these don't require any special privileges and exist from Oracle 9i to 11g R2.
Tags: securitytube, Confidence, hacking, hackers, information security, convention, computer security, owasp-12, owasp-dc-2012
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.