Content Inside :
Contents:
Introduction Oracle Architecture Oracle Apache PL/SQL Buffer Overflows Directory Traversal Administration OWA_UTIL package PL/SQL Authentication By-pass PL/SQL Cross-site scripting OracleJSP Translation Files JSP SQL Poisoning Globals.jsa Physical Path mapping XSQL XSQLConfig.xml Access XSQL SQL Poisoning XSQL Style Sheets SOAP SOAP Application Deployment SOAP Configuration File SAMPLES Dangerous Samples DEFAULTS Dynamic Monitoring Services Perl Alias TNS LISTENER Listener Security Issues EXTPROC and External Procedures Oracle Database PL/SQL External Procedures Default User Logins and Passwords Appendix A.

A typical Oracle site will comprise a firewall protecting the Oracle web server and database server. The Oracle web server will be running a bespoke application written in house by the organization that owns the site and will take advantage of one of the feature-rich application environments provided with Oracle Application Server. It may be a PL/SQL application, JSP, XSQL, a Java servlet or a SOAP-based application. (Whilst Perl, FastCGI and others are supported, these are not often found being used 'in the wild' and so will not be covered.) On receiving a client request, the web server application dispatches it and, if necessary, connects to the database server to be furnished with dynamic content.

PL/SQL Administration

By default it is possible to administer PL/SQL DADs remotely without needing to authenticate. This is obviously not a good thing. Whilst this doesn't allow an attacker an opportunity to run commands, they could attempt to change the user ID and password used to connect to the database server, trying to boost privileges by using a default user login and password such as SYS, SYSTEM or CTXSYS. At the "best" they could deny service.

PL/SQL Authorization Denial of Service

There exists a denial of service issue with the PL/SQL module. When a request is received by the module with a malformed Authorization HTTP client header with no authorization type set, such as Basic, Apache will access violate or core dump. The resolution to this is to install the patch provided by Oracle. This is available from the Metalink web site.
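As an added example (not from the original paper and not Oracle code), a front-end filter or log audit can reject Authorization headers that carry no authorization type before they reach the PL/SQL module. The allowed scheme list, the sample requests and the /pls/dad/page path are constructed assumptions; the paper does not give the exact malformed bytes, so the check rejects any value that does not start with an expected scheme.

```python
import base64
import binascii

# Assumption: the schemes this site's DADs actually use; anything else is rejected.
ALLOWED_SCHEMES = {"basic", "digest"}

def classify_authorization(value):
    """Return 'ok' or the reason an Authorization header value is rejected."""
    parts = value.strip().split(None, 1)
    if not parts:
        return "empty"
    if parts[0].lower() not in ALLOWED_SCHEMES:
        return "no-known-scheme"      # covers a value with no authorization type
    if len(parts) < 2:
        return "no-credentials"
    if parts[0].lower() == "basic":
        try:
            decoded = base64.b64decode(parts[1].strip(), validate=True)
        except (binascii.Error, ValueError):
            return "bad-basic-credentials"
        if b":" not in decoded:       # Basic credentials are user:password
            return "bad-basic-credentials"
    return "ok"

def audit_request(raw):
    """Classify every Authorization header in one raw HTTP request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    verdicts = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            verdicts.append(classify_authorization(value))
    return verdicts or ["absent"]

# Constructed sample requests (not captured traffic); path and host are hypothetical.
SAMPLES = {
    "well_formed": "GET /pls/dad/page HTTP/1.0\r\nHost: example.test\r\n"
                   "Authorization: Basic dXNlcjpwYXNz\r\n\r\n",
    "no_type":     "GET /pls/dad/page HTTP/1.0\r\nHost: example.test\r\n"
                   "Authorization: dXNlcjpwYXNz\r\n\r\n",
    "empty":       "GET /pls/dad/page HTTP/1.0\r\nHost: example.test\r\n"
                   "Authorization:\r\n\r\n",
    "anonymous":   "GET /pls/dad/page HTTP/1.0\r\nHost: example.test\r\n\r\n",
}

def audit_samples():
    return {name: audit_request(raw) for name, raw in SAMPLES.items()}
```

Any verdict other than "ok" or "absent" is a request to drop or alert on at the proxy; the filter only reduces exposure until Oracle's patch is installed.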
