penetration-testing.7safe.com

Sumit Siddharth (Sid) of 7Safe Penetration Testing discusses the release of his new paper on Hacking Oracle via web applications. The paper covers the techniques available for exploiting SQL injection from web applications against the Oracle database. Most of the techniques published on the Internet assume that the attacker has interactive access to the Oracle database, i.e. he can connect to the database via a SQL client. While some of these techniques can be applied directly when exploiting SQL injection in web applications, this is not always true. Unlike MS-SQL, Oracle neither supports nested queries, nor has any direct functionality like xp_cmdshell to allow execution of operating system commands. Extraction of sensitive data from a back-end database by exploiting SQL injection in Oracle web applications is well known. Performing privilege escalation and executing operating system commands from web applications is not widely known, and is the subject of this paper.