Subject: Re: Potential Vulnerabilities in Oracle Internet Application Server
From: Michal Zalewski (lcamtufDIONE.IDS.PL)
Date: Tue Dec 26 2000 - 14:42:14 CST


On Sat, 23 Dec 2000, Rajiv Sinha wrote:

> For modplsql in iAS, a second solution is to disable access to URLs
> which match certain criteria. For example, in the case of SYS, OWA,
> and DBMS this may be done by adding the following rules to the
> plsql.conf file:
> /.../
> Note also that the plsql.conf file can be configured to include rules
> which prevent access to URLs containing specific SQL statements such as
> select, insert, grant, etc., keeping in mind that rules are case
> sensitive.

This fix is broken by design:

http://server/pls/somedad/%0aselect...

...and so on. You should disallow *everything* except known procedure
names you really *want* to be called from the outside world, and disallow
*any* suspected special characters (spaces, tabs, cr/lfs and possibly
others).

--
_______________________________________________________
Michal Zalewski [lcamtuftpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
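
Added example, not part of the original post and not Oracle's code or plsql.conf syntax: a Python sketch contrasting a case-sensitive prefix denylist with the allowlist approach recommended in the reply above. The `/pls/<dad>/<procedure>` layout follows the URL in the post; the deny prefixes, the `shop.*` procedure names and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed stand-in for "block URLs matching certain criteria" (assumption).
DENY_PREFIXES = ("sys.", "owa", "dbms_", "select", "insert", "grant")

# Hypothetical procedures the site actually wants reachable from outside.
ALLOWED_PROCEDURES = {"shop.show_catalog", "shop.view_item"}

# Dotted identifiers only: no spaces, tabs, CR/LF or other special characters.
SAFE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)*")


def split_request(path):
    """Return (dad, raw_procedure) for /pls/<dad>/<procedure>, else None."""
    parts = path.split("?", 1)[0].split("/")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "pls" or not parts[3]:
        return None
    return parts[2], parts[3]


def denylist_permits(path):
    """Denylist: permit unless the raw segment starts with a blocked prefix."""
    req = split_request(path)
    return req is not None and not req[1].startswith(DENY_PREFIXES)


def allowlist_permits(path):
    """Allowlist: decode, require a clean identifier, then exact membership."""
    req = split_request(path)
    if req is None:
        return False
    name = unquote(req[1])            # compare what the backend will see
    if not SAFE_NAME.fullmatch(name):  # fullmatch: no trailing-newline slack
        return False
    return name.lower() in ALLOWED_PROCEDURES


if __name__ == "__main__":
    # Constructed sample requests; the second is the shape shown in the post.
    for p in ("/pls/somedad/select", "/pls/somedad/%0aselect",
              "/pls/somedad/SELECT", "/pls/somedad/shop.show_catalog",
              "/pls/somedad/shop.show_catalog%20"):
        print(f"{p!r:40} denylist={denylist_permits(p)!s:5} "
              f"allowlist={allowlist_permits(p)}")
```

The denylist passes both the `%0a`-prefixed and the upper-case variants because it matches raw, case-sensitive prefixes; the allowlist rejects them without needing to anticipate either.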