×
思维导图备注
The Oracle Hacker's Handbook_ H - David Litchfield
首页
收藏书籍
阅读记录
书签管理
我的书签
添加书签
移除书签
A Hop, a Step, and a Jump: Getting DBA Privileges Indirectly
浏览
16
扫码
小字体
中字体
大字体
2022-02-24 02:37:59
请
登录
再阅读
上一篇:
下一篇:
Title Page
Copyright Page
Dedication
About the Author
Credits
Acknowledgements
Introduction
CHAPTER 1 - Overview of the Oracle RDBMS
Architecture
Processes
The File System
The Network
Oracle Patching
Wrapping Up
CHAPTER 2 - The Oracle Network Architecture
The TNS Protocol
Getting the Oracle Version
Wrapping Up
CHAPTER 3 - Attacking the TNS Listener and Dispatchers
Attacking the TNS Listener
The Aurora GIOP Server
The XML Database
Wrapping Up
CHAPTER 4 - Attacking the Authentication Process
How Authentication Works
Attacks Against the Crypto Aspects
Default Usernames and Passwords
Account Enumeration and Brute Force
Wrapping Up
CHAPTER 5 - Oracle and PL/SQL PL/SQL
What Is PL/SQL?
PL/SQL Execution Privileges
Wrapped PL/SQL
PL/SQL Injection
Investigating Flaws
Direct SQL Execution Flaws
PL/SQL Race Conditions
Auditing PL/SQL Code
The DBMS_ASSERT Package
Some Real-World Examples
Wrapping Up
CHAPTER 6 - Triggers
Trigger Happy: Exploiting Triggers for Fun and Profit
Examples of Exploiting Triggers
Wrapping Up
CHAPTER 7 - Indirect Privilege Escalation
A Hop, a Step, and a Jump: Getting DBA Privileges Indirectly
Wrapping Up
CHAPTER 8 - Defeating Virtual Private Databases
Tricking Oracle into Dropping a Policy
Defeating VPDs with Raw File Access
General Privileges
Wrapping Up
CHAPTER 9 - Attacking OraclePL/SQL Web Applications
Oracle PL/SQL Gateway Architecture
Recognizing the Oracle PL/SQL Gateway
Verifying the Existence of the Oracle PL/SQL Gateway
Attacking the PL/SQL Gateway
Wrapping Up
CHAPTER 10 - Running Operating System Commands
Running OS Commands through PL/SQL
Running OS Commands through Java
Running OS Commands Using DBMS_SCHEDULER
Running OS Commands Directly with the Job Scheduler
Running OS Commands Using ALTER SYSTEM
Wrapping Up
CHAPTER 11 - Accessing the File System
Accessing the File System Using the UTL_FILE Package
Accessing the File System Using Java
Accessing Binary Files
Exploring Operating System Environment Variables
Wrapping Up
CHAPTER 12 - Accessing the Network the Network
Data Exfiltration
Encrypting Data Prior to Exfiltrating
Attacking Other Systems on the Network
Java and the Network
Database Links
Wrapping Up
APPENDIX A - Default Usernames and Passwords
Index
暂无相关搜索结果!
×
二维码
手机扫一扫,轻松掌上学
×
《The Oracle Hacker's Handbook_ H - David Litchfield》电子书下载
请下载您需要的格式的电子书,随时随地,享受学习的乐趣!
EPUB 电子书
×
书签列表
×
阅读记录
阅读进度:
0.00%
(
0/0
)
重置阅读进度