Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA
From: "Andrea \"bunker\" Purificato" <bunker@xxxxxxxxxxxxx>
Date: Tue, 03 Apr 2007 15:14:33 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx, str0ke@xxxxxxxxxxx, info@xxxxxxxxxxxxxxxx, info@xxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <1175509992.7527.6.camel@fin>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1175509992.7527.6.camel@fin>

> http://rawlab.mindcreations.com/codes/exp/oracle/dbms_aq-enqueue.pl

[All work and no play makes bunker a dull boy...]


A problem has occurred during researching about this oracle package.
Because of particular coincidences concentrated on user privileges the
test results disaligned. Actually, after new analysis on other targets
the code seems not working as aspected.

I apologize for the mistake, the code was just removed, waiting for new
(oculated) hints.


Regards,
-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

References:
- 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
  - From: Andrea \"bunker\" Purificato

Prev by Date: MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit
Next by Date: Remote File Include In Script stat12
Previous by thread: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
Next by thread: Re: 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
Index(es):
- Date
- Thread