Owning SAP ASE: Chained Database Attack
A few vulnerabilities chained together will allow anyone with a network connection to a database server, to get complete control over it. We will go over a specific example using SAP ASE 15.7 and 16.0 as targets. Advanced vulnerabilities will be shown. Following application development best practices is not enough. DBAs must keep databases patched, deploy only required functionality and perform frequent audits.