Sunday, July 29, 2007

Oracle 9i/10g Views exploit

A quick one for the weekend: Rawlab released a nice little SQL exploit for a recently-patched Oracle 9i/10g vulnerability involving specially crafted Views. This flaw gives database users the ability to update/insert/delete records with SYSTEM privileges. The exploit updates a specified user account in SYS.USER$ with a new password; the code is straightforward enough to be easily modified if you wanted to mess with other records in system tables. I've hit a streak of insecure Oracle databases over the last few pen-tests, so this might be a useful tool to add to my collection.

No comments: