Pete Finnigan's Oracle Security Weblog

Alex has added 4 new exploits to the exploits section of his website. These are for bugs that have been fixed in recent CPU's. The exploits are:

"SQL Injection via Oracle KUPV$FT in Oracle 10g R1" - This is an interesting exploit based on the Bunker exploit on the same function. The interesting thing is the IDS evasion technique used to translate the calls into meaningless text using the translate function. It can be used to gain DBA privileges

"SQL Injection via Oracle KUPM$MCP in Oracle 10g R1" - Similar to the exploit above but without the IDS evasion techniques

"SQL Injection via Oracle KUPW$WORKER in Oracle 10g R1 - again similar to the first exploit and again based on the bunker exploit and also showing again the IDS evasion techniques.

"Local Privilege Escalation in Oracle 10g R2" - This exloit can be used to gain DBA privileges locally on a Windows box. This is Cesar Cerrudo's recent exploit, the C code is based on the NULL DACL issues that David Litchfield revealed on the Oracle-L list and also in his recent book.