Home Forums Columns Gates [Article]-Oracle Web Hacking Part II

[Article]-Oracle Web Hacking Part II

Viewing 3 reply threads
  • Author
    Posts
    • November 22, 2011 at 1:55 pm #7066
      Don Donzal
      Keymaster

      Enjoy Part 2 of 3 in this series from regular EH-Net Columnist. Feel free to give feedback and make suggestions as to what you’d like to see next from Chris.

      Permanent link: [Article]-Oracle Web Hacking Part II

      Chris Gates, CISSP, CISA, GCIH, GPEN, C|EH

      In the first article, Oracle Web Hacking Part I, I talked about scanning Oracle Application Servers for default content and how to use that content for information gathering.  A pentester can utilize that information to run SQL queries and to gain a foothold into the network. I also talked about iSQLPlus and some fun things you can do with that application, if you are able to guess credentials for it.  I also showed some Metasploit modules to help you accomplish all of it.

      In Part 2 of 3 of this ongoing series of columns, I’ll dive into attacking the Oracle Application Server Portal (OracleAS Portal).  I’ll focus on Oracle 9i and 10g up to Release 2.  With 11g (10.3.x) Oracle moved to Weblogic, and it’s completely different and therefore out of the scope of this series.  But there are plenty of shops out there still using 9i and 10g, which gives us plenty of opportunity for breaking stuff.  So, let’s get to it.

      Don

      • This topic was modified 3 years, 1 month ago by Don Donzal.
      • This topic was modified 3 years, 1 month ago by Don Donzal.
    • November 22, 2011 at 4:03 pm #43908
      l33t5h@rk
      Participant

      Excellent stuff as always by Chris Gates. We have legacy IFS in our infrastructure and just did a massive migration from Solaris app server to Glassfish 3.0 (aka XSS hotbed) and have faced somewhat severe challenges w/ Oracle security. Apparently a lot of fixes in the version we’re upgrading to (3.1) but again thanks for the piece, scary insight.

    • February 16, 2021 at 10:39 pm #179056
      lorwal
      Participant

      Every Xbox One user needs to have a Microsoft account and a Gamertag. There are several ways to transfer all your games and personal data from one Xbox One to another. Get some of the best hints and tips on how to set up your Xbox One aka.ms/xboxsetup and get the best out of your new console.

    • July 21, 2021 at 4:23 am #181756
      pfokussale
      Participant

      pFOkUS has been established with the vision of manufacturing incredible restoration products, making the unsighted floor, shower, bathtub and countertop look new. No matter how bad the stains are, our cleaners will make the surface come to life while eliminating all the deep stains, bacteria, mold and mildew.

  • Author
    Posts
Viewing 3 reply threads
  • You must be logged in to reply to this topic.

EH-Net - New Member Offer - Free eLS PTS Barebone Ed

EH-Net TV - Column Header

Upcoming Webinars

EH-Net Live! Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!

EH-Net Live! January 2019 - A Perfect Crime

Past Webinars

EH-Net Live! Sept – Video & Deck Available Now! for “Android Hacking Proving Ground!” w/ Kyle Benac from Sept 24.

EH-Net Live! AugVideo & Deck Available Now! for “TryHackMe – Behind the Curtain” w/ Ben Spring and Ashu Savani from Aug 27.

EH-Net Live! JuneVideo & Deck Available Now! for “CISO Underrepresented” w/ Mark Arnold and Steph Ihezukwu from June 30.

EH-Net Live! MayVideo & Deck Available Now! for “Bad As You Want To Be – Adversary Emulation Basics” w/ Jake Williams from May 28.

See all EH-Net Live! Videos

More on the EH-Net YouTube Channel

Upcoming Events

There are no upcoming events at this time.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?