Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Exploit code for Oracle ready

Exploit code for Oracle ready

by Nikola Strahija on October 21st, 2005 A code that exploits a recently patched hole in Oracle database's server is already circulating. Alexander Kornbrust, a business director at Red-Database-Security warned that The Full Disclosure security mailing list posted a code for Oracle database buffer overflow exploit.


Web applications that work with the database could be tricked into sending malicious database queries using the SQL language, Kornbrust said.

The exploit could be used either by an attacker who had user credentials on an unpatched database or by a remote attacker, using an SQL injection attack over the Internet, Kornbrust said. -I tried the exploit and it's working, he said.

In a statement posted with the patch bundle, Oracle said that versions 9i and 10g of the database software were vulnerable to the bug, but the exploit published on Full Disclosure affects only 10g users, according to Kornbrust.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »