David Litchfield has just published two chapters from his book The Oracle Hacker’s Handbook: Hacking and Defending Oracle.
In this chapter, David gives two examples, one with CREATE ANY TRIGGER and another with CREATE ANY VIEW to demonstrate how these privileges can be abused to gain DBA privileges. In fact, a user who has the CREATE ANY x privilege can trivially gain DBA privileges, and SQL injection has a lot to do with it.
Virtual Private Databases (VPDs) allow a user to access only the data that the policy specifies they can access, and no more. In this chapter, David demonstrates how to trick Oracle into dropping a policy and how to defeat VPDs with raw file access. Again, SQL injection is the main culprit.Comments Off on Indirect Privilege Escalation And Defeating Virtual Private Databases | Filed in Oracle, Tips | Tags: hack, Security, sql-injection