
Hacking Oracle from the Web: Exploiting SQL Injection from Web Applications


February 2010 | Author: Sumit Siddharth (7Safe)

This paper discusses techniques for exploiting SQL injection in web applications backed by an Oracle database. Most of the techniques available on the Internet assume that the attacker has interactive access to the Oracle database, i.e. he can connect to the database via a SQL client. While some of these techniques can be applied directly when exploiting SQL injection in web applications, this is not always true. Unlike MS-SQL, Oracle neither supports nested queries nor has any direct functionality like xp_cmdshell to allow execution of operating system commands. Extraction of sensitive data from a back-end database by exploiting SQL injection in Oracle web applications is well known. Performing privilege escalation and executing operating system commands from web applications is not widely known, and is the subject of this paper.
