WebApp Sec mailing list archives
Re: Oracle SQL Injection
From: Esteban Martinez Fayo <secemf () yahoo com ar>
Date: Wed, 12 Jul 2006 13:44:01 -0700 (PDT)
Mark, This seems to be a SQL Injection vulnerability in a SELECT statement. You will not be able to inject DDL statements or UPDATE/INSERT/DELETEs. What you can do is inject a function call inside the SELECT statement. If you have access to the Oracle server and you can create a function, you will be able to execute it using the SQL Injection with elevated privileges. If you do not have access to the Oracle server, you will need to use one of the many Oracle functions vulnerable to buffer overflow or SQL Injection. You can see my last year BlackHat presentation for examples. You can download it from http://www.argeniss.com/research/OracleSQLInjBHUSA05.zip I think the examples in slides 27 and 34 can be applied in your situation. Esteban. --- Mark Keegan <mark.keegan () paradise net nz> wrote:
Hi Group, I am performing my first web assessment on a web application with an Oracle backend. Now I need to say that my background is solidly in the MS space and Oracle is a new beast to me. I have discovered that the application is open to SQL injection and while I can perform the typical UNION queries to harvest information from other tables I am failing to execute other statements such as INSERT, DELETES or DROPs. In MSSQL I can use a Semicolon ; to append these types of statements as follows: ;UPDATE sometable SET column x = 'blah'-- It appears that Oracle does not like this type of syntax where we are appending an UPDATE onto an existing SELECT statement. Could someone please point me in the right direction on how to execute these type of commands. I should also say that the application appears to be replacing a semicolon with a coma. Many Thanks Mark
-------------------------------------------------------------------------
Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr --------------------------------------------------------------------------
Current thread:
- Oracle SQL Injection Mark Keegan (Jul 11)
- Re: Oracle SQL Injection Tim (Jul 11)
- Re: Oracle SQL Injection Cesar (Jul 11)
- Re: Oracle SQL Injection Andrew van der Stock (Jul 11)
- RE: Oracle SQL Injection Mark Keegan (Jul 12)
- Re: Oracle SQL Injection Tim (Jul 12)
- RE: Oracle SQL Injection Mark Keegan (Jul 12)
- RE: Oracle SQL Injection Integrigy (Jul 12)
- Re: Oracle SQL Injection Tim (Jul 11)