DBSecWorx Exploit Demos


wwwdemos
Home / Resources / Exploit Demos
What on earth is going on here? Why are we teaching people how to break into or misuse mission critical resources like Oracle databases?

The answer is:
  • The bad guys already know everything we post here
  • We do not post zero-days so if you are learning about one of these for the first time, that is "Mission Accomplished" for us
  • Much, perhaps most, of what we are posting is on multiple websites including Oracle's ... we are just pulling it together in a single location for the benefit of our customers and the Oracle community
If you are aware of an exploit we haven't posted, and we are just getting started so there are many hundreds not yet posted, please send us an email. We will keep your identity anonymous or credit you as you wish.
 
Topic Versions Last Change Comment
Base64 Attack All 31-Aug-2019 Foil auditing and monitoring with the Base64 attack. New
Cast To RAW Exploit All 30-Aug-2019 Foil auditing and monitoring with the RAW Encoding attack. New
Command Execution Attack using GLOGIN.SQL All 04-Jun-2019 GLOGIN.SQL is likely run hundreds of times every day. Do you know what's in it?
Critical Patch Update All 08-Jun-2019 If you don't treat CPUs as a priority ... someone else is. Guess who.
Database Vault and Encryption Exploit 8.1.7 - 19.3 19-Jul-2019 DB Vault and a lot of encryption can be easily bypassed.
DNS attack using UTL_INADDR 8.1.7 - 19.3 26-May-2019 UTL_INADDR, with EXECUTE granted to PUBLIC is deep inside your firewall.
Instead-Of-Trigger 8.1.7 - 19.3 12-Jul-2019 "Instead Of Triggers" do something instead of what you may expect.
NoSpaces All 30-Aug-2019 Foil auditing and monitoring with the NoSpaces attack. New
Social Engineering using DBA All 26-May-2019 Social engineering attack demo to gain privilege escalation.
Social Engineering using Social Media All 26-May-2019 Social engineering attacks using social media.
 
DBSecWorx secures data and databases
 

 Copyright © 2019
DBSecWorx All rights reserved.
 
Privacy & Cookies Policy Privacy Shield Legal