Skip navigation.

Paul Wright

Syndicate content
(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)
Updated: 7 hours 57 min ago

INDEX to SYSDBA without SELECT

Thu, 2014-03-27 08:21
Hello Oracle Security Readers, If we combine the following factors together then we can identify an escalation route from Index on SYSTEM to SYSDBA which does not require SELECT privileges on the indexed table: 1. SYSTEM passes it’s DBA role through it’s procedures. 2. Oracle indexes allow execution from read via functions i.e. INDEX can [...]