exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Oracle Database SQL Injection In DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
Posted Apr 27, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in DROP_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-0870
SHA-256 | c35f4f8ed0b6742d878dc5ee1a8c8cca9fdc018856ad9e4443fbbf4bf0fcfaf5
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close