Attacking Oracle Web Applications With Metasploit presented at BlackHatDC 2011

by Chris Gates,


Summary : In 2009, Metasploit released a suite of auxiliary modules targeting oracle databases and attacking them via the TNS listener. This year lets beat up on...errr security test Oracle but do it over HTTP/HTTPS. Rather than relying on developers to write bad code lets see what we can do with default content and various unpatched Oracle middleware servers that youll commonly run into on penetration tests. Well also re-implement the TNS attack against the isqlplus web portal with Metasploit auxiliary modules.