During Oracle security audits we find from time to time the following (unsecure) code. Do you see the vulnerability and do you know how to exploit it?
Solution coming soon…
———-Code without exception handling—
FUNCTION CHGPWD (
P_USER VARCHAR2,
P_PWD VARCHAR2)
RETURN BOOLEAN IS
L_STMT VARCHAR2(255);
BEGIN
L_STMT:= ‚ALTER USER „‚ || P_USER || ‚“ IDENTIFIED BY „‚ || P_PWD||'“‚;
EXECUTE IMMEDIATE L_STMT;
RETURN TRUE;
END;