- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -
Oracle Security Riddle
Posted by Alexander Kornbrust on 28 May 2007 @ 21:19 in source code audit, Oracle Security | 1 comment
During Oracle security audits we occasionally find the following (insecure) code. Do you see the vulnerability, and do you know how to exploit it?
Solution coming soon…
---------- Code without exception handling ----------
FUNCTION CHGPWD (
    P_USER VARCHAR2,
    P_PWD VARCHAR2)
RETURN BOOLEAN IS
    L_STMT VARCHAR2(255);
BEGIN
    L_STMT := 'ALTER USER "' || P_USER || '" IDENTIFIED BY "' || P_PWD || '"';
    EXECUTE IMMEDIATE L_STMT;
    RETURN TRUE;
END;
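For comparison, a checked variant of the function above, as an added example that is not part of the original post. The name CHGPWD_CHECKED, the error numbers and the 30-character password limit are assumptions made for illustration.

```sql
-- Added example, not the blog author's code.
-- CHGPWD_CHECKED, the -2000x error numbers and the 30-character limit are assumptions.
CREATE OR REPLACE FUNCTION chgpwd_checked (
    p_user VARCHAR2,
    p_pwd  VARCHAR2)
RETURN BOOLEAN IS
    l_user all_users.username%TYPE;
BEGIN
    IF p_user IS NULL OR p_pwd IS NULL THEN
        RAISE_APPLICATION_ERROR(-20001, 'user and password are required');
    END IF;

    -- Both values end up inside double-quoted identifiers. A double quote in
    -- either one would close that identifier early and let the rest of the
    -- value be parsed as part of the ALTER USER statement, so reject it.
    IF INSTR(p_user, '"') > 0 OR INSTR(p_pwd, '"') > 0 THEN
        RAISE_APPLICATION_ERROR(-20002, 'double quote is not allowed');
    END IF;

    -- Keep the statement length bounded (assumed limit).
    IF LENGTH(p_pwd) > 30 THEN
        RAISE_APPLICATION_ERROR(-20003, 'password too long');
    END IF;

    -- Resolve the account through a bind variable and reuse the spelling
    -- stored in the data dictionary instead of the caller's raw input.
    BEGIN
        SELECT username INTO l_user
          FROM all_users
         WHERE username = p_user;
    EXCEPTION
        WHEN NO_DATA_FOUND THEN
            RAISE_APPLICATION_ERROR(-20004, 'unknown user');
    END;

    -- DDL cannot take bind variables, so the statement is still concatenated,
    -- but only from values that passed the checks above.
    EXECUTE IMMEDIATE
        'ALTER USER "' || l_user || '" IDENTIFIED BY "' || p_pwd || '"';
    RETURN TRUE;
END;
/
```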
URL to article: http://blog.red-database-security.com/2007/05/28/oracle-security-riddle/