Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Sun, 27 May 2012 22:48:56 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1949059823&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0810-exploits%2Fcreatedirectory2sysdba.sql%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1949059823.1338158936.1338158936.1338158936.1%3B%2B__utmz%3D32867617.1338158936.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/70874/createdirectory2sysdba.sql http://packetstormsecurity.org/files/70874/createdirectory2sysdba.sql http://packetstormsecurity.org/files/70874/createdirectory2sysdba.sql.html Mon, 13 Oct 2008 22:38:09 GMT Proof of concept code that demonstrates how an Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB.