CVE-2005-4832

This Perl script exploits CVE-2005-4832 in Oracle Database 9i/10g by leveraging cursor injection in the DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION procedure to grant or revoke DBA privileges without requiring CREATE PROCEDURE privileges. It uses DBD::Oracle to execute malicious SQL commands via an autonomous transaction.

This Perl script exploits an SQL injection vulnerability in Oracle's DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION procedure (CVE-2005-4832) to grant or revoke DBA privileges to an unprivileged user. It leverages cursor injection to execute arbitrary SQL commands with SYS privileges.

This exploit leverages a vulnerability in Oracle's DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION to grant or revoke DBA privileges to an unprivileged user. It creates an autonomous transaction function to execute the privilege modification, bypassing standard authorization checks.

This Perl script exploits an SQL injection vulnerability in Oracle's DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION procedure (CVE-2005-4832) to grant or revoke DBA privileges to an unprivileged user. It leverages the SUBSCRIPTION_NAME parameter to execute arbitrary PL/SQL statements with SYS privileges.

This Metasploit module exploits a SQL injection vulnerability in Oracle DB's SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION to escalate privileges to DBA. It creates a malicious function, injects it via the vulnerable package, and cleans up afterward.