Research On Unwrap Facility And Privilege Escalation Flaws Investigation Of Oracle

Posted on: 2013-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: L H Zhao
GTID: 2218330362459375
Subject: Communication and Information System

Abstract/Summary:
used in many large network systems. As a result, Oracle has become the database most attractive to attackers, and research on offensive and defensive techniques for Oracle databases has become an important part of ensuring network information security.

This paper investigates the Oracle unwrap facility and privilege escalation flaws. The research on the unwrap facility provides the technical basis for the privilege escalation work, and the paper ends by proposing and implementing a methodology for flaw investigation.

In the area of the wrap/unwrap facility, Oracle provides only a wrap facility and no unwrap facility. This paper proposes an unwrap algorithm and implements it for both Oracle9i and Oracle10g, so that Oracle's internal wrapped procedures and functions can be unwrapped to plaintext. This supports analysis of and research on Oracle's internal source code, and the attack and investigation of privilege escalation in that code.

On the basis of the Oracle unwrap facility, this paper proposes and implements a collection of attack methods for escalating the privileges an attacker holds, including attacks by a user who has only the CREATE SESSION privilege, lateral SQL injection, bypassing dbms_assert, indirect privilege escalation, and so on. All of these attacks target flaws that exist in Oracle.

Because Oracle will fix these existing flaws, the paper finally investigates flaws that have already been fixed. It proposes a methodology and uses this methodology, together with an Oracle toolkit, to investigate most of the privilege escalation flaws that have been fixed, in order to find potential flaws. It implements this methodology on a specific fixed flaw, dbms_export_extension, which best combines theory and practice.
Keywords/Search Tags:Oracle database, Information security, Unwrap facility, Flaw Investigation