| Overview |
There are a lot of places inside an Oracle Database where one can easily bypass the "protections" provided by Database Vault and other similar schemes.
For now this page is just a placeholder to hold the objects that will be used to construct a working demo in the near future
|
| |
| Exploit Demo |
| Tables |
PLSCOPE_SQL$
WRR$_CAPTURE_LONG_SQLTEXT |
| Views |
DBA_WORKLOAD_LONG_SQLTEXT
V_$SQLAREA
V_$SQLAREA_PLAN_HASH
V_$SQL
V_$SQL_SHARED_MEMORY
V_$SQLSTATS
V_$SQLSTATS_PLAN_HASH
V_$MAPPED_SQL
GV_$SQLSTATS
GV_$SQLSTATS_PLAN_HASH
GV_$SQLAREA
GV_$SQLAREA_PLAN_HASH
GV_$SQL
GV_$SQL_SHARED_MEMORY
GV_$MAPPED_SQL |
| Fixed Tables |
X$KKSSQLSTAT
X$KKSSQLSTAT_PLAN_HASH |
| Fixed Views |
V_$ADVISOR_CURRENT_SQLPLAN
V_$ALL_SQL_MONITOR
V_$ALL_SQL_PLAN
V_$ALL_SQL_PLAN_MONITOR
V_$DIAG_SESS_SQL_TRACE_RECORDS
V_$DIAG_SQL_TRACE_RECORDS
V_$MAPPED_SQL
V_$PLSQL_DEBUGGABLE_SESSIONS
V_$SQL
V_$SQLAREA
V_$SQLAREA_PLAN_HASH
V_$SQL_BIND_CAPTURE
V_$SQL_BIND_DATA
V_$SQL_BIND_METADATA
V_$SQLCOMMAND
V_$SQLFN_ARG_METADATA
V_$SQLFN_METADATA
V_$SQLPA_METRIC
V_$SQLSTATS
V_$SQLSTATS_PLAN_HASH
V_$SQLTEXT
V_$SQLTEXT_WITH_NEWLINES
V_$SQL_BIND_CAPTURE
V_$SQL_BIND_DATA
V_$SQL_BIND_METADATA
V_$SQL_CS_HISTOGRAM
V_$SQL_CS_SELECTIVITY
V_$SQL_CS_STATISTICS
V_$SQL_CURSOR
V_$SQL_DIAG_REPOSITORY
V_$SQL_DIAG_REPOSITORY_REASON
V_$SQL_JOIN_FILTER
V_$SQL_MONITOR
V_$SQL_MONITOR_SESSTAT
V_$SQL_MONITOR_STATNAME
V_$SQL_OPTIMIZER_ENV
V_$SQL_PLAN
V_$SQL_PLAN_MONITOR
V_$SQL_PLAN_STATISTICS
V_$SQL_PLAN_STATISTICS_ALL
V_$SQL_REDIRECTION
V_$SQL_REOPTIMIZATION_HINTS
V_$SQL_SHARED_CURSOR *
V_$SQL_SHARED_MEMORY *
V_$SQL_TESTCASES ? |
| |
|
| |
|
| |
| Conclusion |
| If data needs to be encrypted be sure that it is encrypted before it gets to the database. |