Oracle exposures and Google Hacking

Oracle Tips by Burleson Consulting
Don Burleson

After reading "Google Hacking for Penetration Testers", Oracle professionals will come away with eyes wide open to the exposures of Internet-enabled Oracle databases.  If you have a web-enabled Oracle database, you need to take heed!

When the powerful Googlebot crawls a web site it can expose many Oracle-related vulnerabilities and exposures.  For example, just run the Google search below to identify dozens of web sites with an iSQL*Plus interface, the first step for a hacker who is interested in launching a buffer overflow attack on your Oracle database:


With the bestselling book "Google Hacking for Penetration Testers", Johnny Long's idea has opened many people's eyes to the power of Google when placed in the wrong hands.  This is one of the best computer books of 2005, a novel concept with widespread ramifications for the Oracle DBA:


You may also enjoy Johnny Long's web site, and be sure to check out the user-contributed Oracle Google searches:


If you want the short course, in this presentation we see Johnny Long expose the huge power of Google as an intrusion tool:


There is also an excellent discussion of Google hacking for penetration testers at the red-database-security web site:


The most frightening section of the above link is the list of Google searches that can be used to detect whether a web site is hosting SQL*Forms, Oracle Discoverer or Oracle Reports, the first step in a hack attack:


Oracle Application Server:


iAS Demopages


Oracle Forms


Oracle Forms 6i (using CGI)


Oracle Forms 6i (using Servlets)


Oracle Forms


Oracle Reports


Oracle Reports 6i


Oracle Reports


Oracle Discoverer


Oracle Discoverer Viewer


Oracle Discoverer Plus


Oracle Discoverer 10g


This is an extremely powerful technique, and every Oracle professional should run these Google commands to see if an improper permission setting (e.g. 744) might expose your Oracle database to a hack attack.
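A complementary check from the server side, added here as an example and not part of the original article: scan your own web server access log for search-engine crawlers that successfully fetched an Oracle web front end, which is how such a page ends up in a search index. The `/isqlplus` prefix, the crawler markers and the sample log lines are assumptions constructed for illustration; substitute the URL prefixes your own Oracle HTTP Server maps.

```python
import re

# Combined Log Format:
# host ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Assumption: URL prefixes under which this site serves Oracle web front ends.
SENSITIVE_PREFIXES = ("/isqlplus",)
# Substrings that identify crawlers by their (self-declared) User-Agent.
CRAWLER_MARKERS = ("googlebot", "bingbot")

def crawler_exposures(lines, prefixes=SENSITIVE_PREFIXES, crawlers=CRAWLER_MARKERS):
    """Return sorted (path, status, crawler) for 2xx crawler fetches of sensitive URLs."""
    found = set()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or non-combined-format line
        agent = m["agent"].lower()
        crawler = next((c for c in crawlers if c in agent), None)
        if crawler is None:
            continue  # ordinary browser or tool, not a search crawler
        path = m["path"].split("?", 1)[0].lower()
        # Match the prefix on a path-segment boundary only.
        if not any(path == p or path.startswith(p + "/") for p in prefixes):
            continue
        status = int(m["status"])
        if 200 <= status < 300:  # content was actually served, so it is indexable
            found.add((path, status, crawler))
    return sorted(found)

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Mar/2006:10:01:22 -0500] "GET /isqlplus HTTP/1.1" 200 5120 "-" "{GOOGLEBOT}"',
    f'192.0.2.10 - - [12/Mar/2006:10:01:25 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "{GOOGLEBOT}"',
    '198.51.100.7 - - [12/Mar/2006:10:02:03 -0500] "GET /isqlplus HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    f'192.0.2.10 - - [12/Mar/2006:10:05:41 -0500] "GET /isqlplus/ HTTP/1.1" 403 310 "-" "{GOOGLEBOT}"',
]

if __name__ == "__main__":
    for path, status, crawler in crawler_exposures(SAMPLE_LOG):
        print(f"EXPOSED to {crawler}: {path} (HTTP {status})")
```

A hit means the URL was served to a crawler without authentication; because the User-Agent is self-declared, treat each result as a lead to verify rather than proof of indexing.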





Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.