This is an example of a database protocol attack on the client side for Oracle 10i. Using a Hex or Text editor it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle Database User running as DBA. As such, compromising that process - i.e. buffer overflow, allows the injection of code to be used causing anything from a denial of service attack to data modification on the Oracle server side database. In this case we create a new user, with DBA privileges, using a method that doesn't even require the initial login to be successful.
InfoType:
Imperva : Client Side Database Protocol Attack YouTube:
Products:
Imperva SecureSphere Database Firewall 