Obtrusities: Where the Abstruse Meets the Obtuse

Wednesday, July 18, 2018

Oracle Privilege Escalation via Deserialization

›
TLDR: Oracle Database is vulnerable to user privilege escalation via a java deserialization vector that bypasses built in Oracle JVM secur...
Thursday, May 17, 2018

My Mispent Youth #TBT

›
In honor of Throwback Thursday, I'll take a detour from my usual dive into obtuse corners of penetration testing and security analysis, ...
Tuesday, April 24, 2018

Detecting and Implementing a DBMS_ASSERT Bypass

›
Overview The previous post discussed a bug in older versions of the Oracle dbms_assert.enquote_literal method, that could allow an attacke...
Thursday, April 19, 2018

Bypassing Oracle SQLi Protections

›
DBMS_ASSERT is a built in package in the Oracle database that is often used to protect dynamic SQL statements from SQL injection. However,...
Home
View web version

Contributors

  • Unknown
  • Unknown
Powered by Blogger.