* Posts by dwlitchfield

3 publicly visible posts • joined 20 Jan 2015

Oracle E-Business suite wide open to database attack

dwlitchfield

Re: No DML or DDL possible in functions called by function-based indexes.

If you want more technical details on how to exploit function based indexes to execute arbitrary SQL just watch this talk. HTH! https://www.youtube.com/watch?v=z0ccYgcBSGg#t=710

dwlitchfield

Re: Conspiracy?

DUAL is used internally by many objects. On my Oracle 12c server for example, there are 242 objects that depend on DUAL. HTH!

dwlitchfield

Re: No DML or DDL possible in functions called by function-based indexes.

You *can* execute DML and DDL. First create a function and specify pragma autonomous transaction... Place your execute immediate 'grant dba to public' in the function then call the function. I've been doing this for years and I know what I'm talking about :)

Cheers,

David Litchfield