Oracle 12c injection [message #667263] |
Mon, 18 December 2017 18:26 |
|
SoratoMan
Messages: 1 Registered: December 2017
|
Junior Member |
|
|
Hi. Sorry for my poor English.
Example in article demonstrates executing vulnerable procedure created by sys. Using the procedure in way, suggested in article we can get dba role for our user, who posesses only create sesion priviliges.
So if vulnerable procedure vulnProc was created by user1, how user2, who have only create session , execute on vulnProc and select on table1(which created by user1) priviligies, can insert into table1 or delete any row from it?
|
|
|
|