VULHUB ™

This Metasploit module will escalate a Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that, the exploit escalates the user to DBA using "CREATE ANY TRIGGER" privilege given to the MDSYS user by creating an evil trigger in system scheme (2-stage attack).

This Metasploit module will escalate a Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that, the exploit escalates the user to DBA using "CREATE ANY TRIGGER" privilege given to the MDSYS user by creating an evil trigger in system scheme (2-stage attack).