Database Hacking Video: Tampering with DB Network Protocol Messages

December 11, 2009

This is the latest educational video on Web application and Database hacking techniques and threat mitigation from Imperva.

Tampering with database network protocol messages

This is an example of a database protocol attack on the client side for Oracle 10i. Using a Hex or Text editor it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle Database User running as DBA. As such, compromising that process - i.e. buffer overflow, allows the injection of code to be used causing anything from a denial of service attack to data modification on the Oracle server side database. In this case we create a new user, with DBA privileges, using a method that doesn't even require the initial login to be successful.

You can find more videos like this on the Imperva Video page, and on the Imperva YouTube Channel.

Posted by Rob Rachwald at 11:03:01 AM

Comments

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.