Defcon 17 Slides, Demos and Tools

August 4, 2009

Here are my slides and video demonstrations which i presented at Defcon 17.

Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm

View more documents from guest785f78.

There are 3 demos to go with the slides:

Demo 1: Exploiting PL/SQL Injection from Web Applications.

Demo 2: Exploiting SQL Injection in Oracle Applications with Bsqlbf

Demo 3: A proof of concept of Oracle SQL Injection Worm

Tools: There are 2 tools shown in demos above:
1. Bsqlbf: Download from Project Homepage
2. OAP_Hacker.pl: Download Here

Enjoy!! 🙂
————————
Advert: Testking 1Y0-A06 questions and 1Y0-A08 practice test are enough to pass 70-448 exams on first attempt without any difficulty

Comments

1 Comment

  • Thibow says:
    November 16, 2009 at 10:30 am

    Excelent !

    Vraiment pas mal, j’en avais entendu parler a l’occasion des Black Hat 2009, c’est la première video que je vois montrant l’exploitation et le principe …

    Complétement allucinant, qu’une injection SQL soit capable d’éxécuter des commandes directement sur le serveur !

    Grand merci pour l’archive 😉

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackback