databases – Page 25 – WindowsTechs.com

Is the most recent version of ojdbc7 still vulnerable to CVE-2016-3506?

Posted on October 2, 2019 by Trevor

Looking at the Oracle security advisory page here: https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Oracle in 2016 disclosed vulnerabilites in their OJDBC7 versions 12.1.0.1 and 12.1.0.2.

However looking for th… Continue reading Is the most recent version of ojdbc7 still vulnerable to CVE-2016-3506?→

how to get shell from blind sql injection? [on hold]

Posted on September 23, 2019 by Anonymous101

I’m trying to gain access to a web server after I found blind SQLi on the website. I used sqlmap to automate things.

I can read the databases and tables. tried to find a way to get a shell from SQL injection. I found a lot… Continue reading how to get shell from blind sql injection? [on hold]→

Modern pass-through authentication [migrated]

Posted on September 17, 2019 by aquaman

In a Microsoft environment one can set up a web application that will pass the credentials directly to SQL Server so that permissions are set closest to the data. How can this be achieved in modern applications using SAML and… Continue reading Modern pass-through authentication [migrated]→

Security implications of client side authentication with a remote database

Posted on September 11, 2019 by Chris

I’m developing a desktop app for use internal to my company. The app’s installation file is located on our company server and therefore is only accessible to authenticated employees (under the assumption our network is secur… Continue reading Security implications of client side authentication with a remote database→

ScyllaDB takes on Amazon with new DynamoDB migration tool

Posted on September 11, 2019 by Ron Miller

There are a lot of open source databases out there, and ScyllaDB, a NoSQL variety, is looking to differentiate itself by attracting none other than Amazon users. Today, it announced a DynamoDB migration tool to help Amazon customers move to its product. It’s a bold move, but Scylla, which has a free open source product […] Continue reading ScyllaDB takes on Amazon with new DynamoDB migration tool→

MySQL terminal hack?

Posted on September 7, 2019 by Ryan

Well, is it possible to enter MySQL terminal(track and send queries) without username, password and IP?

I have gaming server and some guys just shared some details about our users on pastebin(like password – unhashed!). They… Continue reading MySQL terminal hack?→

Hacking databases (post exploitation)

Posted on August 28, 2019 by Jake Leroy

I am curious to understand how an attacker could hack a linux server’s database post exploitation. For instance say you have root access to a targeted server and the server is using MySql, Postgresql etc how would an attacker… Continue reading Hacking databases (post exploitation)→

Wrapper’s Delight

Posted on August 26, 2019 by Trent Brunson

During my summer at Trail of Bits, I took full advantage of the latest C++ language features to build a new SQLite wrapper from scratch that is easy to use, lightweight, high performant, and concurrency friendly—all in under 750 lines of code.
Th… Continue reading Wrapper’s Delight→

How to Prepare for Misconfigurations Clouding the Corporate Skies

Posted on August 20, 2019 by Justin Jett

With cloud misconfigurations rampant in cloud storage and IaaS environments, adding security layers to identify them is crucial for securing sensitive data. Continue reading How to Prepare for Misconfigurations Clouding the Corporate Skies→

Find out all the information from a database that you search

Posted on August 7, 2019 by Callum Hall

There is a search bar where you input a location and it shows 10 closest providers to the location that you search, however, I want to find all of the locations. I could do this manually but that would be insane. Is there any… Continue reading Find out all the information from a database that you search→