Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle
From: Jamie Lawrence <jal () THIRDAGE COM>
Date: Tue, 12 Dec 2000 19:29:23 -0800
At 01:59 AM 12/13/00 +0700, Vanja Hrustic wrote:
Nothing that easy. There is a way, but it requires an administrator to create a shared library, 'plug it' into Oracle, and specifically enable user to be able to use it in order to execute commands. I've also seen some info related to Java 'plugs' in Oracle (which are not there by default), which could allow users to execute commands. Of course, only 'administrator approved' users :)
Stored Procedures can shell out. Again, most configurations require DBA privileges. -j
Current thread:
- [PEN-TEST] Oracle D V (Dec 13)
- Re: [PEN-TEST] Oracle Vanja Hrustic (Dec 13)
- Re: [PEN-TEST] Oracle Jamie Lawrence (Dec 13)
- <Possible follow-ups>
- Re: [PEN-TEST] Oracle Michael Owen (Dec 13)
- Re: [PEN-TEST] Oracle Vanja Hrustic (Dec 13)