[Dailydave] SQL Hooker Release
Hamid . K
elite_netbios at yahoo.com
Thu Oct 18 17:33:32 EDT 2007
Hi.
Nice piece of script ,integrated into ID.
Using this script to deeply monitor and audit web-application flaws
is indeed interesting , but I`m thinking about some more interesting
results, an enhanced version of this toy may produce :
How about automating the process of auditing Oracle internals for hunting
even more pl/sql injections ? :>
I`m not sure how much extra work may be required , but I don`t think it would
be much complex.
Rather than hooking SQL OLEDB , it can be fine-tuned for
attaching to related oracle process , waiting for the other side (second script*)
to trigger an injection in list of targeted packages/stored procedures . output would
be a list of packages/SPs in oracle , harmed by second-script* and detected by hooker script.
Second-script* , would be a parser engine , reading list of stored procedures among
their parameters for example, and sending them to oracle from any query interface,
while manipulating some of parameters ...
example,
Regards
Hamid.K
----- Original Message ----
From: Dave Aitel <dave at immunityinc.com>
To: dailydave <dailydave at lists.immunitysec.com>
Sent: Thursday, October 18, 2007 9:10:06 PM
Subject: [Dailydave] SQL Hooker Release
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://forum.immunityinc.com/index.php?topic=92.0
JMS and I decided to put our code where our mouth was.
It looks a lot like this:
PyCommands $ python sql_listener.py 80812.4
Set up XMLRPC Socket on 0.0.0.0 port 8081
select count(*) from users where userName='cow' and userPass='boy'
10.10.10.243 - - [18/Oct/2007 13:03:17] "POST / HTTP/1.0" 200 -
Next up - file operation hooking perhaps? :>
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHF5p0B8JNm+PA+iURAtFlAKDhW3CVqVd6S621t4kdsQ1Y0sb2cgCg7JY5
QaZkG+j3E5b6NO0SJrR3yM8=
=bvnS
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Dailydave
mailing list