-
Notifications
You must be signed in to change notification settings - Fork 346
/
TODO.txt
25 lines (24 loc) · 1.45 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
###############################################################################################################################
ODAT
###############################################################################################################################
-----------
HIGH
-----------
1. Windows reverse shell in the JAVA module (with Powershell) ?
2- Executing Code as SYSDBA: "oradebug setmypid", oradebug call system “/bin/touch -f /home/oracle/rds.txt”Function returned 0
http://blog.red-database-security.com/2011/09/17/disable-auditing-and-running-os-commands-using-oradebug/
http://www.petefinnigan.com/weblog/archives/00001353.htm
-----------
MEDIUM
-----------
1- To Transfert files via DBMS_SCHEDULER.get_file (http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_sched.htm#BABDDBFH)
4- Read files with XMLType
5- Create files with DBMS_XMLDOM
6- Execute system command with PL/SQL native (undocumented)
7- Create an option for each module to show sql command used by this one. The aim : when the tool can't be used, sql commands generated by the tool can be used.
8- Catch errors when the credential file given by a user is not good
9- Feature for dumping/showing tables or databases (partially implemented)
-----------
LOW
-----------
1- To Transfert files via DBMS_FILE_TRANSFER (http://psoug.org/reference/dbms_file_trans.html). Need an Oracle database installed localy because need database link.