Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap

Run OS commands via Java

Documented way to run OS commands

Requirements

Java must be installed in the database (e.g. not available in Oracle XE)
Java privileges (select * from dba_java_policy)

Code:

sqlplus system/manager
SQL> CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "R" AS
import java.io.*;
public class R{
public static String Run(String C1){
try{
Runtime.getRuntime().exec(C1);
return("0");
}
catch (Exception e){
return(e.getMessage());
}
}
}
/

SQL> begin dbms_java.grant_permission( 'USER1','SYS:java.io.FilePermission','<<ALL FILES>>','execute');
end;
/

SQL> begin dbms_java.grant_permission( 'USER1 ','SYS:java.lang.RuntimePermission','writeFileDescriptor','*' );
end;
/

SQL> begin dbms_java.grant_permission( 'USER1','SYS:java.lang.RuntimePermission','readFileDescriptor','*' );
end;
/

Create Procedure to call Java
SQL> CREATE or REPLACE PROCEDURE PC(Command IN STRING)
AS
LANGUAGE JAVA
NAME 'R.Run(java.lang.String)';
/

Execute OS Command (e.g. on windows)

SQL> begin; pc('calc.exe'); end;