Oracle Cheat Sheet Page 2
ADVERTISEMENT
1
2
3
4
5Hacking Oracle
–
-
Version 1.5.0 - 29-Jan-2008
OCI-Connection
XMLDB
(TNS Listener available
(default 1521))
SID unknown
(via SQL Injection in
9.2.0.6/7 + Listener
webapp)
Password
Oracle 10g R1/R2
Oracle 7-9i R2
or
Oracle 9iR2 - 11g
Oracle 10g R1/R2
(use Database/Grid/
(lsnrctl status ip)
Auditvault Control
(select global_name
(use sidguess to
/em/console)
from global_name)
bruteforce SID)
SID known
Oracle account
Oracle account
Oracle account
Oracle account
unknown
known
unknown
known
Brute-force accounts
SQL Injection via
Brute-force accounts
Brute-force accounts
xmldb & transform
(e.g. dbsnmp/dbsnmp,
outln/outln, sys/
(e.g. with hydra against
(e.g. with hydra against
(use lowprivileged user
change_on_install,
FTP (2100), dbsnmp,
HTTP (8080), dbsnmp,
to get DBA privileges)
Escalate
system/manager)
outln, sys, system)
outln, sys, system)
privileges if not
until 9.2.0.6 – 10.1.0.4
DBA
(7.x-10.2.0.2 with
10i R1
SQL Injection
Update selectable
Update selectable
10g – 11g
CPU Jan 2006)
Change public
10g – 11g
Use SQL injection in
DBMS_EXPORT_EX
tables via specially
tables via specially
use utl_tcp to modify
Privilege escalation in
Patch oraclient10.dll
synonym
dbms_scheduler &
Oracle packages,
TENSION
crafted inline views
crafted views
TNS-Listener settings
vulnerable 3rd-party /
and login or
dbms_assert and
run sqlplus „/ as
e.g.
(fixed with CPU July
(fixed with CPU
(fixed for 10g R2 with
(change glogin.sql via
customer code
ora-auth-alter-
inject sql code
sysdba“
KUPM$MCP
2006)
October 2006)
CPU Juli 2007)
listener.log)
session.exe
This is only a small subset of possiblities to become DBA
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Education