Oracle Substitution Exploits Versions: ALL |
---|
Overview |
A substitution exploit is an attack that attempts to hide the true intent of code or commands submitted to the database from behavior monitoring.
Successful substitution attacks evade monitoring by making a targeted statement appear innocent so that it is not logged, so that it does not trigger an alert, or so that, if it is logged, members of the security team do not recognize its hostile intent. Consider the following: There is no excuse for any human to ever execute DBMS_SYS_SQL.PARSE_AS_USER. Any use of this built-in functionality should be considered highly suspicious.
But if members of the CISO and DBA teams are not aware of the danger, what are the chances they will act immediately to fully investigate a usage found in an audit log? History teaches us that the usage will be ignored. The "Topics" referenced with the links below are 8 separate Substitution exploits explained and demonstrated here in DBSecWorx online resources. Many more are possible, limited only by the imagination and effort the attacker is willing to invest. |
Related Topics |
Base64 Exploit |
Cast To RAW Exploit |
NoSpaces Exploit |
REPLACE Exploit |
TRANSLATE Exploit |
UTL_ENCODE |
UTL_I18N |
UTL_RAW |
WRAP Exploit |
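The overview's point, that a direct DBMS_SYS_SQL.PARSE_AS_USER call must always be investigated while a substituted form hides its intent from the log text, can be turned into a triage pass over audited statements. The following is an added example, not DBSecWorx code; the `alert`/`review`/`ok` verdicts, the rule that dynamic SQL combined with one of the packages in the topic list is a `review` signal, and the sample records are assumptions of this example.

```python
import re

TARGET = "DBMS_SYS_SQL.PARSE_AS_USER"
# Packages and functions named in the page's topic list. Treating them as
# triage signals inside dynamic SQL is an assumption of this example.
TRANSFORMS = ("UTL_ENCODE.", "UTL_I18N.", "UTL_RAW.", "REPLACE(", "TRANSLATE(")
DYNAMIC = ("EXECUTEIMMEDIATE", "DBMS_SQL.PARSE(")

def squash(sql_text):
    """Upper-case and drop whitespace and identifier quotes."""
    return re.sub(r'[\s"]+', "", sql_text).upper()

def candidates(sql_text):
    """Canonical forms to match: with and without /* */ and -- comments."""
    no_comments = re.sub(r"/\*.*?\*/|--[^\n]*", "", sql_text, flags=re.S)
    return {squash(sql_text), squash(no_comments)}

def classify(sql_text):
    """Return 'alert', 'review' or 'ok' for one audited statement."""
    forms = candidates(sql_text)
    if any(TARGET in f for f in forms):
        return "alert"   # direct call: always investigate
    if any(d in f and t in f for f in forms for d in DYNAMIC for t in TRANSFORMS):
        return "review"  # text is built or decoded at run time; intent not visible
    return "ok"

# Constructed audit records (not real log data); call arguments are elided.
SAMPLE_AUDIT = [
    ("APP1", "SELECT ename FROM emp WHERE deptno = 10"),
    ("SCOTT", 'begin "SYS"."DBMS_SYS_SQL" . Parse_As_User( ... ); end;'),
    ("SCOTT", "BEGIN EXECUTE IMMEDIATE utl_raw.cast_to_varchar2("
              "utl_encode.base64_decode(:blob)); END;"),
    ("APP1", "UPDATE t SET name = REPLACE(name, 'a', 'b')"),
]

def triage(records):
    """Return (user, verdict) for every record that is not 'ok'."""
    return [(u, v) for u, s in records if (v := classify(s)) != "ok"]

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_AUDIT):
        print(user, verdict)
```

A `review` verdict does not recover what the statement finally executed; it only marks records where the logged text cannot show intent, so an analyst knows to look further.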