Client Side Database Protocol Attack
Description:
This is an example of a client-side database protocol attack against Oracle 10i. Using a hex or text editor, it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle database user running as DBA. Compromising that process (i.e., via a buffer overflow) allows injected code to cause anything from a denial of service to data modification on the server-side Oracle database. In this case we create a new user with DBA privileges, using a method that doesn't even require the initial login to succeed.
Thanks go out to Netinfinity (vitomir [] securitytube.net) for referring this video to us. We encourage you to visit his blog for interesting articles on Security and Hacking.


