David Litchfield has just published two chapters from his book The Oracle Hacker’s Handbook: Hacking and Defending Oracle.
Indirect Privilege Escalation (PDF)
In this chapter, David gives two examples, one with CREATE ANY TRIGGER and another with CREATE ANY VIEW, to demonstrate how these privileges can be abused to gain DBA privileges. In fact, a user who […]
Johan Louwers published an Oracle Applications password decryption vulnerability that allows a malicious user to expose the passwords of any Oracle Applications user. In Oracle E-Business Suite, usernames and their encrypted passwords are stored in the table fnd_user:
SQL> desc fnd_user;
Name […]
David Litchfield published a paper demonstrating how an unclosed or dangling cursor created and used by DBMS_SQL can lead to a security hole.
I ran his proof of this vulnerability on my Oracle Database 10g Express Edition database.
Connected as SYS:
SQL> CREATE OR REPLACE PROCEDURE pwd_compare(p_user VARCHAR) IS
2 cursor_name INTEGER;
3 […]
I stumbled upon this website which has the following interesting screencasts demonstrating the use of a penetration testing tool for Linux:
Tunneling Exploit
WEP Cracking
Spoof attack
Client side attack
(IE may not display the screencasts correctly. Best viewed in Firefox)
It also has this interesting, and rather disturbing, animated GIF image:
click to see it in action
And finally, a web page […]
Read (PDF) how easy it is to find sensitive information like unknown security bugs, … with Oracle Metalink.