Mitigating Client Side Database Protocol Attacks
This video demonstration illustrates methods for attacking databases by leveraging a client-side application as well as vulnerabilities within the database protocol. The example targets Oracle 10i. Using a hex or text editor, it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle database user running as DBA. By compromising the process with an attack such as a buffer overflow, an attacker can inject code, causing anything from a denial of service to data modification on the server-side Oracle database.