user1936351

Reputation: 1

Security:090759 in weblogic managed logs

I am getting the following error in WebLogic managed server log files and am not able to trace the source client IP or URL. It looks like some SQL injection is happening on the servers, so please provide details on how to prevent it and how to get more detail about it.

<[ACTIVE] ExecuteThread: '14' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1355487016719> <BEA-000000> <[Security:090759]A SQLException occurred while retrieving password information
java.sql.SQLException: [Security:090798]Invalid characters found in input @^Y@.@o*.2,./2|pq{jvk@-1('@lvo)&1,.1(.1.+(@./*
        at weblogic.security.providers.authentication.shared.DBMSUtils.verifyInputCharactersName(DBMSUtils.java:338)
        at weblogic.security.providers.authentication.shared.DBMSSQLRuntimeQueryImpl.executeUserPassword(DBMSSQLRuntimeQueryImpl.java:71)
        at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.authenticateDBMS(DBMSAtnLoginModuleImpl.java:672)
        at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.login(DBMSAtnLoginModuleImpl.java:271)
        at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
        at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
        at $Proxy17.login(Unknown Source)
        at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(Unknown Source)
        at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
        at $Proxy37.authenticate(Unknown Source)
        at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(Unknown Source)
        at weblogic.security.service.PrincipalAuthenticator.authenticate(Unknown Source)
        at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:236)
        at weblogic.servlet.security.internal.SecurityModule.checkAuthenticate(SecurityModule.java:185)
        at weblogic.servlet.security.internal.BasicSecurityModule.checkUserPerm(BasicSecurityModule.java:75)
        at weblogic.servlet.security.internal.SecurityModule.checkAccess(SecurityModule.java:106)
        at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2122)
        at weblogic.servlet.security.internal.AuthFilterChain$LastFilter.doFilter(AuthFilterChain.java:45)
        at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
        at com.bea.common.security.internal.service.SAMLSingleSignOnServiceImpl.callChain(SAMLSingleSignOnServiceImpl.java:416)
        at com.bea.common.security.internal.service.SAMLSingleSignOnServiceImpl.doRedirectFilter(SAMLSingleSignOnServiceImpl.java:407)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
        at $Proxy22.doRedirectFilter(Unknown Source)
        at weblogic.security.providers.saml.SAMLServletAuthenticationFilter.doFilter(SAMLServletAuthenticationFilter.java:101)
        at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
        at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:612)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(Unknown Source)
        at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:501)
        at weblogic.servlet.security.internal.BasicSecurityModule.handleFailure(BasicSecurityModule.java:114)
        at weblogic.servlet.security.internal.BasicSecurityModule.checkUserPerm(BasicSecurityModule.java:80)
        at weblogic.servlet.security.internal.SecurityModule.checkAccess(SecurityModule.java:106)
        at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2122)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2092)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)                 

Upvotes: 0

Views: 1143

Answers (1)

Brian

Reputation: 13571

This is WebLogic validating the userid input as part of its login implementation. I believe Oracle's OID does not allow an apostrophe in userids. Perhaps someone was simply testing your site with classic keyboard smashing and just happened to smash the keys in such a way that an apostrophe was entered for the userID.

It appears WebLogic is checking whether the user input entered contains 'invalid' characters that would imply a SQL injection attack via the userID. But it is my understanding that they are using PreparedStatements, which makes validating the input for characters a bit odd. It is likely just a constraint on what makes a valid userID in their backend LDAP.

In your case the user entered the following:

@^Y@.@o*.2,./2|pq{jvk@-1('@lvo)&1,.1(.1.+(@./*

Most of this answer is based on this forum discussion.

I did check metalink.oracle.com but did not find the SR listed in the forum.

Upvotes: 1
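As an added example (not code from the question or the answer), the Python below pulls the thread, timestamp and rejected input out of a managed-server log entry in the format shown above, lists which characters fall outside a conservative username alphabet (an assumed allow-list for illustration, not WebLogic's actual rule), and correlates the entry's epoch-millisecond timestamp with constructed HTTP access-log lines to find candidate client IPs, since the server log entry itself carries no client address.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the same layout as the WebLogic managed-server log entry in the question.
SERVER_LOG = (
    "<[ACTIVE] ExecuteThread: '14' for queue: 'weblogic.kernel.Default (self-tuning)'> "
    "<<WLS Kernel>> <> <> <1355487016719> <BEA-000000> <[Security:090759]A SQLException "
    "occurred while retrieving password information\n"
    "java.sql.SQLException: [Security:090798]Invalid characters found in input "
    "@^Y@.@o*.2,./2|pq{jvk@-1('@lvo)&1,.1(.1.+(@./*\n"
)
# Constructed HTTP access-log lines (common log format, UTC); only the second is near the event.
ACCESS_LOG = [
    '10.1.2.3 - - [14/Dec/2012:11:58:02 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Dec/2012:12:10:16 +0000] "POST /app/j_security_check HTTP/1.1" 403 0',
    '10.1.2.9 - - [14/Dec/2012:12:10:44 +0000] "GET /app/logo.png HTTP/1.1" 200 2048',
]
# First log line carries the thread and epoch-millisecond timestamp; the second carries the input.
ENTRY_RE = re.compile(
    r"ExecuteThread: '(?P<thread>\d+)'[^\n]*<(?P<ts>\d{13})> <BEA-000000> "
    r"<\[Security:090759\][^\n]*\n[^\n]*\[Security:090798\]Invalid characters found in input "
    r"(?P<input>[^\n]*)"
)
CLF_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
# Assumed conservative username alphabet, used only to highlight what the input contained.
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-@")

def parse_security_events(log_text):
    """One dict per Security:090759/090798 pair: thread, UTC time, offending input."""
    events = []
    for m in ENTRY_RE.finditer(log_text):
        ms = int(m["ts"])  # exact conversion, avoiding float rounding of the milliseconds
        when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
        events.append({"thread": m["thread"], "when": when, "input": m["input"]})
    return events

def rejected_chars(user_input):
    """Characters of the captured input that fall outside the assumed allow-list, sorted."""
    return "".join(sorted(set(user_input) - ALLOWED))

def candidate_clients(event_time, access_lines, window_seconds=2):
    """Access-log entries whose timestamp lies within +/- window_seconds of the event."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in access_lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - event_time) <= window:
            hits.append((m["ip"], m["req"]))
    return hits
```

Run it against the real managed-server log and the front-end or plug-in access log for the same window; widening window_seconds trades precision for coverage when clocks are not tightly synchronised.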
