Re: Paper: Snarfing attacks in Oracle DBMS_XMLGEN applications

From: Paresh Yadav <yparesh_at_gmail.com>
Date: Fri, 8 Nov 2013 11:45:17 -0500
Message-ID: <CAPXEL0JOSgg2Y2L3BMsGSJQigazzv44_9YNKJY38zTN14mP2eg_at_mail.gmail.com>



Hi David,

I haven't worked with DBMS_XMLGEN. Being on a slow Friday, I decided to check your white paper :). Thanks for sharing. I get the demo however.

In order to get the point across I think you might be better off demonstrating that the user won't be able to access the same data without using the context handle. In your case it is possible for the user to execute the same/similar SQL with 'MANGER' as the parameter without using the context handle. How about using a context handle to access data from a table that the user doesn't have direct access to, i.e. the user can get the data only by using a context defined in a package?

Thanks
Paresh
416-688-1003

On Fri, Nov 8, 2013 at 3:59 AM, <david_at_databasesecurity.com> wrote:

> Hello all,
> I’ve noted a weakness in the way DBMS_XMLGEN generates context handles.
> Due to this weakness it may be possible to gain access to sensitive data
> using a snarfing attack. Of course, this is totally dependent upon the
> application in question. You can get the paper here:
> http://www.davidlitchfield.com/Snarfing_attacks_in_DBMS_XMLGEN_Applications.pdf
> Cheers!
> David
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Nov 08 2013 - 17:45:17 CET
