I attended the BGOUG Spring Conference last week as a speaker. While in BGOUG Conference, I had a chance to listen Kamil Stawiarski’s session about hacking Oracle. Kamil spoke about potential security issues of high level privileges such as create any index and create directory. At the end of the session, he also showed a tool written by himself. The tool (I do not remember its name right now), reads a datafile, searches for object ID (of a table) and parse and list the rows of the table.
I am aware that Oracle Support has a similar utility, and as I heard it’s called “DUL” (Data UnLoader). DUL is used to export data from data files in case there’s no possibility to open the database because of corruption. So the concept wasn’t new to me, but seeing the tool in action, made me want to write my own tool which is capable of extracting data from data files.Read More