Exploit code for Oracle ready
by Nikola Strahija on October 21st, 2005

Code that exploits a recently patched hole in Oracle's database server is already circulating. Alexander Kornbrust, a business director at Red-Database-Security, warned that exploit code for an Oracle database buffer overflow has been posted to the Full Disclosure security mailing list.
Web applications that work with the database could be tricked into sending malicious database queries using the SQL language, Kornbrust said.
The exploit could be used either by an attacker who had user credentials on an unpatched database or by a remote attacker using an SQL injection attack over the Internet, Kornbrust said. "I tried the exploit and it's working," he said.
In a statement posted with the patch bundle, Oracle said that versions 9i and 10g of the database software were vulnerable to the bug, but the exploit published on Full Disclosure affects only 10g users, according to Kornbrust.