Penetration Testing mailing list archives

Re: [PEN-TEST] Oracle

From: Jamie Lawrence <jal () THIRDAGE COM>
Date: Tue, 12 Dec 2000 19:29:23 -0800

At 01:59 AM 12/13/00 +0700, Vanja Hrustic wrote:

Nothing that easy. There is a way, but it requires an administrator to
create a shared library, 'plug it' into Oracle, and specifically enable user
to be able to use it in order to execute commands. I've also seen some
info related to Java 'plugs' in Oracle (which are not there by default),
which could allow users to execute commands. Of course, only
'administrator approved' users :)



Stored Procedures can shell out. Again, most configurations
require DBA privileges.

-j

Current thread:

[PEN-TEST] Oracle D V (Dec 13)
- Re: [PEN-TEST] Oracle Vanja Hrustic (Dec 13)
  - Re: [PEN-TEST] Oracle Jamie Lawrence (Dec 13)
- <Possible follow-ups>
- Re: [PEN-TEST] Oracle Michael Owen (Dec 13)