Examining the Oracle database from a hacker's perspective
2008-09-08 12:51:22 Source: WEB开发网
2 sqlnet.log
When a connection from a machine fails, a file is created in the directory that records the failed connection.
It yields information such as: username, IP address, date, etc.
3 Common Oracle security problems
Default passwords:
– SYS, SYSTEM, DBSNMP, OUTLN, MDSYS, SCOTT
Password management features are not enabled; the password reuse parameters are set through the pfiles file.
– No password lockout by default
– No password expiration by default
The PUBLIC role is granted access to the ALL_USERS view.
4 PL/SQL vulnerabilities
Problems with dynamic SQL
– EXECUTE IMMEDIATE
– DBMS_SQL
The danger of letting users supply the parameters that go into a SQL statement.
These problems are essentially the same as SQL injection.
There are two ways to create SQL statements on the fly in PL/SQL code – EXECUTE IMMEDIATE and the package DBMS_SQL.
5 Example of a dynamic SQL statement
CREATE OR REPLACE PROCEDURE BAD_CODING_EXAMPLE ( NEW_PASSWORD VARCHAR2 ) AS
  -- The original does not show where these come from; declared here so the procedure compiles
  TABLE_NAME        VARCHAR2(30) := 'APPLICATION_USERS';
  COLUMN_NAME       VARCHAR2(30) := 'PASSWORD';
  CURRENT_USER_NAME VARCHAR2(30) := 'aaron';
BEGIN
  -- DO SOME WORK HERE
  -- NEW_PASSWORD is spliced straight into the statement text, so the caller controls part of the SQL
  EXECUTE IMMEDIATE 'UPDATE ' || TABLE_NAME || ' SET ' || COLUMN_NAME
    || ' = ''' || NEW_PASSWORD || ''' WHERE USERNAME = ''' || CURRENT_USER_NAME || '''';
END BAD_CODING_EXAMPLE;
/
Valid input
from any OCI connection, ODBC connection, SQL*Plus, etc.
– EXEC BAD_CODING_EXAMPLE( 'testabc' );
• SQL created
– UPDATE APPLICATION_USERS SET PASSWORD = 'testabc'
WHERE USERNAME = 'aaron'
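A hardened counterpart to BAD_CODING_EXAMPLE, added here as an example and not taken from the original article. It assumes the same APPLICATION_USERS table with USERNAME and PASSWORD columns, takes the table and column names from fixed constants rather than caller input, reads the acting user from the session context, and passes the user-supplied value only as a bind variable; DBMS_ASSERT (Oracle 10g R2 and later) checks the identifiers that cannot be bound.

```sql
-- Hardened counterpart of BAD_CODING_EXAMPLE (added example; not from the original article).
-- Assumes: table APPLICATION_USERS(USERNAME, PASSWORD); table and column names are fixed
-- constants, not caller input; the acting user is taken from the session context.
CREATE OR REPLACE PROCEDURE SAFE_CODING_EXAMPLE ( NEW_PASSWORD IN VARCHAR2 ) AS
  TABLE_NAME        CONSTANT VARCHAR2(30) := 'APPLICATION_USERS';
  COLUMN_NAME       CONSTANT VARCHAR2(30) := 'PASSWORD';
  CURRENT_USER_NAME VARCHAR2(128);
  V_SQL             VARCHAR2(4000);
BEGIN
  -- Take the caller's identity from the session, not from a parameter the caller controls.
  CURRENT_USER_NAME := SYS_CONTEXT('USERENV', 'SESSION_USER');

  -- Identifiers cannot be passed as binds, so they are checked with DBMS_ASSERT before
  -- concatenation; SIMPLE_SQL_NAME raises ORA-44003 for anything that is not a plain
  -- SQL identifier (embedded quotes, spaces, semicolons, ...).
  V_SQL := 'UPDATE ' || DBMS_ASSERT.SIMPLE_SQL_NAME(TABLE_NAME)
        || ' SET '   || DBMS_ASSERT.SIMPLE_SQL_NAME(COLUMN_NAME)
        || ' = :new_pwd WHERE USERNAME = :user_name';

  -- The values travel as bind variables: the SQL parser treats them purely as data, so the
  -- statement text is identical no matter what NEW_PASSWORD contains.
  EXECUTE IMMEDIATE V_SQL USING NEW_PASSWORD, CURRENT_USER_NAME;
END SAFE_CODING_EXAMPLE;
/
```

Called as EXEC SAFE_CODING_EXAMPLE('testabc'), it performs the same UPDATE as the original example, but the statement text never changes with the input. The same rule applies on the DBMS_SQL path: pass values through DBMS_SQL.BIND_VARIABLE rather than concatenating them into the text handed to DBMS_SQL.PARSE.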