Oracle Database password weakness

Added: 05/12/2009

Background

Oracle Database is a relational database solution available for multiple platforms.

Problem

The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries.

Resolution

Set a strong password for all database accounts.

References

http://www.dba-oracle.com/t_passwords_locking_changing_expiring.htm

Limitations

If successful, this exploit returns an SQL command shell, not an operating system command shell.
Back to exploit index