|
|
| Resarch by title "securing oracl database from search engine attack [message #465571 is a reply to message #465569] |
Wed, 14 July 2010 18:03   |
samiaa
Messages: 23
Registered: August 2006
Location: egypt
|
Junior Member |
|
|
hi guys,
i want us to help me in my point of seach
this research by title"securing oracle database from sarch engine attack"the idea was came from reading article by title "search engine used to attack database
it talk about the dangrous of search engine in finding data and obtaining url's for database engine an entering with default username/passwod ,trying to get data .
NOTE:really i reached to url for open collage that give master an phd remotly by this way
hen,
i searched alot and get more informayion about this topic ,
but want us to help me by their advices and suggestions about this point of research and what projct that can i do for ?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Resarch by title "securing oracl database from search engine attack [message #465785 is a reply to message #465784] |
Thu, 15 July 2010 10:47 |
samiaa
Messages: 23
Registered: August 2006
Location: egypt
|
Junior Member |
|
|
BlackSwan wrote on Thu, 15 July 2010 10:44
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
3-times---------too much
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Resarch by title "securing oracl database from search engine attack [message #465810 is a reply to message #465805] |
Thu, 15 July 2010 11:31 |
cookiemonster
Messages: 13960
Registered: September 2008
Location: Rainy Manchester
|
Senior Member |
|
|
I didn't understand what you meant either and I suspect no one else will - so the problem is yours, especially if you want help from us.
Really though we don't like telling people how to hack databases on this site, just in case someone decides to use what we say to do exactly that.
So I suggest you just except the fact that that account has powerful privileges and should be locked down.
|
|
|
|
| Re: Resarch by title "securing oracl database from search engine attack [message #465812 is a reply to message #465810] |
Thu, 15 July 2010 11:41 |
samiaa
Messages: 23
Registered: August 2006
Location: egypt
|
Junior Member |
|
|
very thanks for you
i dont want to hack but i read more about this account and asked more people about that they reply me that it have limited privillage i know really what can this account do
"This user has some powerful privileges, such as UNLIMITED TABLESPACE,SELECT ANY DICTIONARY (which allows the user to select from dynamic performance views and data dictionary views), and ANALYZE ANY DICTIONARY(which allows analyze of the system objects). Many intruders use this user and password for back-door entry into the database. Needless to say, this is a huge security hole.
"
then when Michel
say"powerful enough privilege to hurt the database"
i loved to know how this account can hurt by code(to put in my research )to learn not to hack
[Updated on: Thu, 15 July 2010 11:45] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
