Preseps - Differences Perspective
Latest PDFs
Popular PDFs Topics
| SAP Tutorial... | (303646 hits) |
| Toshiba... | (158405 hits) |
| C Programming... | (135778 hits) |
| Chevrolet... | (130442 hits) |
| Xbox 360... | (127269 hits) |
| Ford... | (112814 hits) |
| Digital Camera... | (109961 hits) |
| Shell Programming... | (98824 hits) |
| Toyota... | (88676 hits) |
| Acer... | (81957 hits) |
Latest PDFs Download
PDF Topic Tags
Sponsored Links
Oracle PL/SQL Injection
Source: www.blackhat.comTopic: Oracle Programming
Short Desciption:
NGS Consulting Next Generation Security Software Ltd. What is PL/SQL? What is PL/SQL? • Procedural Language / Structured Query Language • Oracles extension to standard SQL Programmable like T-SQL ...
Content Inside:
NGS Consulting Next Generation Security Software Ltd. Oracle PL/SQL Injection David Litchfield NGS Consulting Next Generation Security Software Ltd. What is PL/SQL? What is PL/SQL? • Procedural Language / Structured Query Language • Oracles extension to standard SQL Programmable like T-SQL in the Microsoft world. • Used to create • Stored Procedures • Functions • Packages (collections of procedures and functions) • Triggers • Objects • Extends functionality with External Procedures NGS Consulting Next Generation Security Software Ltd. Privileges - Definer vs. Invoker rights Privileges - Definer vs. Invoker rights • PL/SQL executes with the privileges of the definer • A procedure owned by SYS executes with SYS privileges • AUTHID CURRENT_USER keyword • PL/SQL created using the AUTHID CURRENT_USER keyword executes with the privileges of the invoker • A procedure owned by SYS but called by SCOTT executes with the privileges of SCOTT • Analogous to Suid programs in the *nix world. NGS Consulting Next Generation Security Software Ltd. PL/SQL over the Web PL/SQL over the Web • Oracle Application Server / Web Portal • http://server/pls/dad/pkg.proc?p_in=foobar • Acts as a proxy, passes request to the database server and the PL/SQL executes inside the database server - not the front end. NGS Consulting Next Generation Security Software Ltd. PL/SQL Injection PL/SQL Injection • SELECT statements • DML - UPDATE, DELETE, INSERT • Anonymous PL/SQL Blocks in Procedures NGS Consulting Next Generation Security Software Ltd. PL/SQL SELECT Example PL/SQL SELECT Example CREATE OR REPLACE PROCEDURE LIST_LIBRARIES(P_OWNER VARCHAR2) AS TYPE C_TYPE IS REF CURSOR; CV C_TYPE; BUFFER VARCHAR2(200); BEGIN DBMS_OUTPUT.ENABLE(1000000); OPEN CV FOR SELECT OBJECT_NAME FROM ALL_OBJECTS WHERE OWNER = || P_OWNER || AND OBJECT_TYPE=LIBRARY; LOOP FE ...
Incoming Search Terms
Related PDF Files
Oracle SQL Tuning Pocket Reference*
Topic: Oracle Programming
www . DanHotka .com Quarterly Newsletter DHotka@Earthlink.net Winter 2003 Dan Hotka is a Training Specialist who has over 24 years in the computer industry and over 19 years experience with Oracle ...
Oracle Application Server
Topic: Oracle Programming
Oracle Application Server PL/SQL Web Toolkit Reference, 10 g Release 2 (10.1.2) B15896-01 Copyright © 1996, 2005, Oracle. All rights reserved. Primary Author:
Oracle Reports Tutorial
Topic: Oracle Programming
Oracle Reports Tutorial, 10 g Release 2 (10.1.2) B14364-01 Copyright © 2003, 2005, Oracle. ... Glossary-4 Java A computer language that supports programming for the Internet in the form of ...
Intro to PL/SQL
Topic: Oracle Programming
Introduction to PL/SQL 2-day Workshop Give your IT staff the knowledge of using Oracles procedural language: PL/SQL. The focus of this course is to students with a working knowledge of SQL the ...
Oracle BPEL Process Manager 10.1.2.0.x
Topic: Oracle Programming
This document describes how BPEL and the Oracle BPEL Process Manager facilitate development of SOA applications through composing synchronous and asynchronous. What is unique about the Oracle BPEL Designer is that it uses BPEL as its. native format. ...
Sponsored Links
