Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle
From: Vanja Hrustic <vanja () RELAYGROUP COM>
Date: Wed, 13 Dec 2000 01:59:12 +0700
On Mon, Dec 11, 2000 at 09:41:58AM +0100, D V wrote:
> Hi,
> Does anyone know how to execute a shell command on a Unix OS using a SQL request via Oracle, like: select a from b where a=<here you can write your exploit>. Is there a solution like xp_cmdshell?
Nothing that easy. There is a way, but it requires an administrator to create a shared library, 'plug it' into Oracle, and specifically enable a user to be able to use it in order to execute commands. I've also seen some info related to Java 'plugs' in Oracle (which are not there by default), which could allow users to execute commands. Of course, only 'administrator approved' users :)

--
Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time
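
Added example (not part of the original post or the list archive): a review a DBA could run to see whether the administrator-side prerequisites described in the reply above exist on a given database. It assumes an account that can read the standard DBA_* data dictionary views and a release that accepts ANSI join syntax.

```sql
-- Added audit example; read-only queries against Oracle data dictionary views.

-- 1. Shared libraries registered in the database and the OS file each maps to.
SELECT owner, library_name, file_spec, status
FROM   dba_libraries
ORDER  BY owner, library_name;

-- 2. Accounts that have been granted EXECUTE on those libraries,
--    i.e. the users an administrator has specifically enabled.
SELECT l.owner, l.library_name, p.grantee, p.grantor, p.grantable
FROM   dba_libraries l
JOIN   dba_tab_privs p
       ON  p.owner      = l.owner
       AND p.table_name = l.library_name
       AND p.privilege  = 'EXECUTE'
ORDER  BY l.owner, l.library_name, p.grantee;

-- 3. Accounts able to register a new library in the first place.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
ORDER  BY grantee;

-- 4. Java policy grants that allow executing files from the database JVM
--    (relevant only where the Java option is installed).
SELECT grantee, kind, type_name, name, action, enabled
FROM   dba_java_policy
WHERE  type_name = 'java.io.FilePermission'
AND    LOWER(action) LIKE '%execute%'
ORDER  BY grantee, name;
```

Any row from queries 2 to 4 whose grantee is not an expected administrative or application account is worth tracing back to the change that granted it.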