http://www.notsosecure.com/folder2/2008/04/22/exploiting-internal-networks-with-oracle-utl_http-package/ From Pentesters To Pentesters Thu, 08 Jul 2010 02:17:27 +0100 http://wordpress.org/?v=2.8.4 hourly 1 http://www.notsosecure.com/folder2/2008/04/22/exploiting-internal-networks-with-oracle-utl_http-package/comment-page-1/#comment-88349 belch Tue, 21 Jul 2009 18:26:16 +0000 http://www.notsosecure.com/folder2/2008/04/22/exploiting-internal-networks-with-oracle-utl_http-package/#comment-88349 To my opinion a big innovation on this kind of attacks should be: performing an internal assesment from the outside, by exploiting some king of application vulnerability and SQL Injection is such a beautifull candidate. Recently guys from msf have been able to upload a packed version of msf through meterpreter on compromised host. I also talked with sqlmap man about this. It should not be too difficult under some circumstance expecialy when backend DBMS is Oracle or M$ SQL. To my opinion a big innovation on this kind of attacks should be: performing an internal assesment from the outside, by exploiting some king of application vulnerability and SQL Injection is such a beautifull candidate. Recently guys from msf have been able to upload a packed version of msf through meterpreter on compromised host. I also talked with sqlmap man about this. It should not be too difficult under some circumstance expecialy when backend DBMS is Oracle or M$ SQL.

]]>