Penetration Testing: Re: [PEN-TEST] database security

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: [PEN-TEST] database security

From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Tue, 29 Aug 2000 10:14:33 -0700

On Tue, 29 Aug 2000, mount ararat blossom wrote:

hi folks,
do you know any site which has some whitepapers about database security
issues especially on MS SQL, Oracle and
Sybase.
Plus i wanna check some database hacking techniques.
regards
MAB



Some papers,vulns and toolz etc. YMMV.

1. A Misuse Detection System for Database Systems (library)
   url: http://www.securityfocus.com/library/1938

2. A Misuse Detection System for Database Systems (library)
   url: http://www.securityfocus.com/library/1938

3. Oracle Security (library)
   url: http://www.securityfocus.com/library/8

4. Decentralized Group Hierarchies in UNIX: An Experiment and Lessons
   Learned (library)
   url: http://www.securityfocus.com/library/2006

Some vulnerabilities:

5. Sybase Power Dynamo Directory Traversal Vulnerability (vulnerabilities)
   url: http://www.securityfocus.com/bid/620

6. Oracle Web Listener Denial of Service Vulnerability (vulnerabilities)
   url: http://www.securityfocus.com/bid/1427

7. Oracle Web Listener Batch File Vulnerability (vulnerabilities)
   url: http://www.securityfocus.com/bid/1053

8. Oracle for Linux Installer Vulnerability (vulnerabilities)
   url: http://www.securityfocus.com/bid/1035

9. Oracle Web Listener URL Character Substitution Vulnerability
   url: http://www.securityfocus.com/bid/841

10. Oracle Intelligent Agent Vulnerability (vulnerabilities)
    url: http://www.securityfocus.com/bid/585


11. Oracle 8 File Acess Vulnerabilities (vulnerabilities)
    url: http://www.securityfocus.com/bid/170


12. Oracle 8 oratclsh Suid Vulnerability (vulnerabilities)
    url: http://www.securityfocus.com/bid/159

13. Microsoft SQL Server Enterprise Manager Password Disclosure
    Vulnerability
    url: http://www.securityfocus.com/bid/1466

14. Microsoft SQL Server 7.0 Stored Procedure Vulnerability
    url: http://www.securityfocus.com/bid/1444

15. Microsoft SQL Server 7.0 System Administrator Password Disclosure
    Vulnerability
    url: http://www.securityfocus.com/bid/1281

16. Microsoft SQL Server DTS Password Disclosure Vulnerability
    url: http://www.securityfocus.com/bid/1292

17. Microsoft SQL Server Xp_sprintf buffer overflow (vulnerabilities)
    url: http://www.securityfocus.com/bid/1204

18  Microsoft SQL Weak Password Encryption Vulnerability (vulnerabilities)
    url: http://www.securityfocus.com/bid/1055

19. Microsoft SQL Server Non-Validated Query Vulnerability
    url: http://www.securityfocus.com/bid/1041

20. Microsoft SQL Server 7.0 NULL Data DoS Vulnerability (vulnerabilities)
    url: http://www.securityfocus.com/bid/817

Some tools..

21. GNITvse rc1: GNIT Vulnerability Scanning Engine - (tools)
    url: http://www.securityfocus.com/tools/1369

22. SQLdict (tools)
    url: http://www.securityfocus.com/tools/1322

By Date By Thread

Current thread:

[PEN-TEST] database security mount ararat blossom (Aug 29)
- Re: [PEN-TEST] database security Alfred Huger (Aug 29)
- Re: [PEN-TEST] database security Ben Lull (Aug 29)
  - Re: [PEN-TEST] database security Nicolas Gregoire (Aug 29)
- <Possible follow-ups>
- Re: [PEN-TEST] database security David Jahne (Aug 29)