Oracle Exploits / Exploit
This page does not not contain 0day exploits.
All exploit code on this website is already out there, e.g. in newsgroups, on websites (like bugtraq). Hacker and script kiddies are using such code every day. DBAs and security professionals like pentester or auditors should know how to escalate privileges, become DBA, become root, decrypt data, crash a database or doing a denial of service attack.
A lot of proof-of-concept code can be found in Metalink if you know how to search in Metalink. Red-Database-Security GmbH will soon publish a document how to find exploit code in the knowledge base of Oracle (Metalink).
Listener Exploits - Learn why it is important to protect your TNS Listener. With a few simple commands everyone (with listener access) can overtake the listener first and after that your database.
Oracle 8i Exploits - There are a still Oracle 18.104.22.168 instances out there (even if desupported). If you have an older version of 8i please try to update at least to 22.214.171.124 plus the latest security patchsets. Check the Critical Patch Updates on from secalert on a regular bases for additional information.
Oracle 9i Exploits - Many customers are still using 126.96.36.199. If you are not using the latest patchset / patchsets it is possible to become DBA with a single command (e.g. via CTXSYS.DRILOAD, DBMS_METADATA, DBMS_CDC_SUBSCRIBE)
Oracle 10g Exploits - More secure than 8i or 9i. Contains new features (like dbms_scheduler) with new security issues.
Oracle 11g Exploits. Latest version of the Oracle database
Oracle Application Server Exploits - Many software products like Oracle E-Business-Suite, Oracle Clinical, Oracle Collaboration Suite, custom development software ... are using OAS / iAS.
Oracle Application Express Exploits - The web application development tool APEX is used to develop and deploy applications that are hosted in the Oracle database.
Oracle Weblogic Exploits - WebLogic is a Java platform for developing, deploying, and integrating enterprise applications.
Other websites with Oracle exploit code
© 2005-2009 by Red-Database-Security GmbH - last update: 2-jul-2009