Penetration Testing mailing list archives
fixed_date parameter in Oracle 8i
From: Pete Finnigan <pete () peterfinnigan demon co uk>
Date: Mon, 19 Nov 2001 21:15:56 +0000
Hi All As a lot of people have been interested in what I have written in the recent past about Oracle security I thought I would share a recent issue I found on an Oracle security pentest / audit with everyone. An application we looked at used the oracle system date SYSDATE quite extensively in its functionality and calculations. It was possible to cause mis-calculations in the system by altering a system parameter. I have written a short paper describing this if anyone is interested. Its at http://www.pentest-limited.com/fixed-date.htm. regards, Pete Finnigan www.pentest-limited.com -- Pete Finnigan IT Security Consultant PenTest Limited Office 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885 pete.finnigan () pentest-limited com www.pentest-limited.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- fixed_date parameter in Oracle 8i Pete Finnigan (Nov 19)