DBSecWorx Exploit Demos


What on earth is going on here? Why are we teaching people how to break into or misuse mission-critical resources like Oracle databases?

The answer is:
  • The bad guys already know everything we post here
  • We do not post zero-days, so if you are learning about one of these for the first time, that is "Mission Accomplished" for us
  • Much, perhaps most, of what we are posting is on multiple websites including Oracle's ... we are just pulling it together in a single location for the benefit of our customers and the Oracle community
We are just getting started, so there are many hundreds of exploits not yet posted. If you are aware of one we haven't posted, please send us an email. We will keep your identity anonymous or credit you, as you wish.
 
| Topic | Versions | Last Change | Comment |
|---|---|---|---|
| ANY Privilege Exploits | All | 19-Mar-2020 | Granting a System privilege containing the word ANY is dangerous by ANY definition. |
| Base64 Attack | All | 31-Aug-2019 | Foil auditing and monitoring with the Base64 attack. |
| Cast To RAW Exploit | All | 30-Aug-2019 | Foil auditing and monitoring with the RAW Encoding attack. |
| Command Execution Attack using GLOGIN.SQL | All | 04-Jun-2019 | GLOGIN.SQL is likely run hundreds of times every day. Do you know what's in it? |
| Common Vulnerabilities & Exposures | 12c - 19c | 20-Mar-2020 | The CVE listings edited for clarity and linking to demos where possible. |
| Critical Patch Update | All | 08-Jun-2019 | If you don't treat CPUs as a priority ... someone else is. Guess who. |
| Database Vault and Encryption Exploit | 8.1.7 - 19.4 | 19-Jul-2019 | DB Vault and a lot of encryption can be easily bypassed. |
| DNS attack using UTL_INADDR | 8.1.7 - 19.4 | 26-May-2019 | UTL_INADDR, with EXECUTE granted to PUBLIC is deep inside your firewall. |
| GLOGIN.SQL | All | 01-Dec-2019 | Oracle Corp. values security ... its internal development groups haven't got a clue. |
| Granted To PUBLIC | All | 01-Dec-2019 | Oracle Corp. values security ... its internal development groups haven't got a clue. |
| Instead-Of Trigger | 8.1.7 - 20c | 12-Jul-2019 | "Instead-Of Triggers" do something instead of what you may expect. |
| NoSpaces Attack | All | 30-Aug-2019 | Foil auditing and monitoring with the NoSpaces attack. |
| Replace Attack | All | 24-Oct-2019 | Foil auditing and monitoring with the REPLACE function attack. |
| Social Engineering using DBA | All | 26-May-2019 | Social engineering attack demo to gain privilege escalation. |
| Social Engineering using Social Media | All | 26-May-2019 | Social engineering attacks using social media. |
| Substitution Attacks | All | 24-Oct-2019 | Foil auditing and monitoring with a SUBSTITUTION attack. |
| Translate Attack | All | 24-Oct-2019 | Foil auditing and monitoring with the TRANSLATE function attack. |
| Wrap Attack | All | 24-Oct-2019 | Foil auditing and monitoring with the WRAP attack. |
 
DBSecWorx secures data and databases
 

 Copyright © 2019-2020
DBSecWorx All rights reserved.
 