- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Using Oracle Forensics to determine vulnerability to Zero Day exploits
- Abstract
- This paper has shown the reader what PLSQL injection is and how it can be exploited to gain DBA whilst bypassing current IDS technology. We then explored how to find PLSQL injection vulnerabilities in order to identify potential new zerodays. Then by comparing DBstates before and after January 2007 CPU installation both silently fixed bugs and mistakenly omitted fixes were identified in the CPU installation process. A differentiation was made between potential vectors of SQL injection such as triggers and the actual underlying source of vulnerability in dependency code. The process of tracing back the dependencies to join the vector to the source of the vulnerability were shown. The best verification of vulnerability was then used i.e. reading the code itself. The change made at code level by the CPU installation was inspected thus identifying the use of prepared statements by Oracle, in the patched code in order to secure against SQL injection.