
Re: SQL Smuggling

From: Marco Ivaldi <raptor mediaservice net>
To: bugtraq securityfocus com
Cc:
Subject: Re: SQL Smuggling
Date: Wed - Sep 10, 2008 04:24 AM


Avi,

On Tue, 9 Sep 2008, douglen@hotmail.com wrote:

[snip]

> Of course, I'm looking forward to hearing about other instances of 
> this...

Interesting research.

It looks like Oracle DBMS may be vulnerable to the "Unicode Smuggling" 
attack exploiting homoglyphic translation. As outlined by David Litchfield 
in an old full-disclosure post [1]:

"It didn't take long to discover that this patch could be bypassed using 
the following technique: due to internationalization, an Oracle database 
server will convert the ÿ character (value 0xFF) to a capital Y. The PLSQL 
Gateway will not. Thus, if we request:

http://www.example.com/pls/dad/S%FFS.PACKAGE.PROCEDURE

the gateway will happily pass it over to the database server where the ÿ 
is converted to a Y and we can gain access again".

Cheers,

[1]. See http://seclists.org/fulldisclosure/2006/Feb/0011.html

-- 
Marco Ivaldi, OPST
Red Team Coordinator      Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
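The canonicalization mismatch the quoted post describes can be modelled in a few lines. The following is an added example, not code from the post, from David Litchfield or from Oracle: it uses a constructed stand-in for the backend's character conversion (only the single mapping 0xFF 'ÿ' -> 'Y' that the post mentions, not Oracle's real conversion table) and a hypothetical front-end filter that denies names starting with "SYS.". The naive filter checks the name as received and then lets the backend convert it; the hardened filter applies the same conversion the backend will apply before it checks, so both components agree on what the name is.

```python
"""Canonicalization-mismatch demo (constructed model, not Oracle's code).

A front-end filter inspects a request path and forwards it to a backend that
applies a character conversion the filter does not.  If the filter validates
the raw form, a name that the filter rejects in its canonical spelling can be
written with a character the backend later converts into the rejected one.
The fix shown here: canonicalize exactly as the backend does, then validate.
"""
from urllib.parse import unquote

# Constructed stand-in for the backend's internationalisation mapping.
# The post mentions only 0xFF -> 'Y'; the real table is not on the page.
BACKEND_CHAR_MAP = {"\u00ff": "Y"}

# Hypothetical deny-list of object-name prefixes the gateway should refuse.
BLOCKED_PREFIXES = ("SYS.",)


def backend_canonicalize(name: str) -> str:
    """Apply the backend's character conversion, then upper-case the result
    the way a case-insensitive object resolver would."""
    return "".join(BACKEND_CHAR_MAP.get(ch, ch) for ch in name).upper()


def gateway_path_to_name(path: str) -> str:
    """Percent-decode the path as Latin-1 (the single-byte reading under which
    %FF is U+00FF) and return the component after /pls/<dad>/."""
    decoded = unquote(path, encoding="latin-1")
    return decoded.rsplit("/", 1)[-1]


def naive_gateway_allows(path: str) -> bool:
    """Vulnerable pattern: validate the name as received; the backend converts
    characters afterwards, so filter and backend see different names."""
    name = gateway_path_to_name(path).upper()
    return not name.startswith(BLOCKED_PREFIXES)


def hardened_gateway_allows(path: str) -> bool:
    """Fixed pattern: canonicalize with the backend's own rules first, then
    validate the canonical form the backend will actually act on."""
    name = backend_canonicalize(gateway_path_to_name(path))
    return not name.startswith(BLOCKED_PREFIXES)


def backend_resolves(path: str) -> str:
    """The name the backend ends up resolving for a forwarded request."""
    return backend_canonicalize(gateway_path_to_name(path))


if __name__ == "__main__":
    # Constructed request paths: the percent-encoded one is the shape quoted
    # in the post; the plain ones show the filter's normal behaviour.
    for p in ("/pls/dad/SYS.PACKAGE.PROCEDURE",
              "/pls/dad/S%FFS.PACKAGE.PROCEDURE",
              "/pls/dad/SCOTT.PKG.PROC"):
        print(f"{p:40} naive={naive_gateway_allows(p)!s:5} "
              f"hardened={hardened_gateway_allows(p)!s:5} "
              f"backend sees {backend_resolves(p)}")
```

The point for defenders is that the filter and the component it protects must share one canonical form: either the front end applies exactly the backend's conversion before checking, or the check moves into the backend after conversion. A filter that only looks at the bytes it received cannot be complete when anything downstream rewrites them.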



