Here are my slides and video demonstrations, which I presented at Defcon 17.
There are 3 demos to go with the slides:
Demo 1: Exploiting PL/SQL Injection from Web Applications.
Demo 2: Exploiting SQL Injection in Oracle Applications with Bsqlbf
Demo 3: A proof of concept of Oracle SQL Injection Worm
Tools: There are 2 tools shown in demos above:
1. Bsqlbf: Download from Project Homepage
2. OAP_Hacker.pl: Download Here
Enjoy!! 🙂
Comments
1 Comment
Excellent!
Really not bad. I had heard about it at Black Hat 2009; this is the first video I have seen showing the exploitation and the principle …
Completely mind-blowing that an SQL injection can execute commands directly on the server!
Many thanks for the archive 😉