00:00
118
As DBA (yea for SQLI) we use UTL_FILE to write out our FTP download script, using DBMS_SCHEDULER we create a job to run the script to download our binary and create a 2nd job to execute our binary and get our meterpreter shell. Oracle...Unbreakable.
check MC's video (requires java) on getting those DBA privs
w00t-shell.net/demos/CVE-2008-3996.html
Loading more stuff…