(8.0.26)
https://sqlwiki.netspi.com/attackQueries/executingOSCommands/#mysql
調べたかぎりなし
(19c)
https://totech.hateblo.jp/entry/2014/03/20/165701
-- 1. 事前準備
alter system set sga_max_size = 1200M scope=spfile;
alter system set sga_target = 1200M scope=spfile;
alter system set java_pool_size = 50M scope=spfile;
alter pluggable database pdb2 close immediate;
drop pluggable database pdb2 INCLUDING DATAFILES;
shutdown immediate
startup
vim /etc/oratab
※設定がない場合は追加
orcl:/u01/app/oracle/product/19.0.0/dbhome_1:Y
PDBはすべて起動した状態でdbca実行
LANG=C dbca
select comp_name, version from dba_registry where comp_name like '%JAVA%';
-- 2. PLSQL_OSCOMMANDをインストール
unzip PLSQL_OSCOMMAND_1.0.zip
cd src/12c/
sqlplus / as sysdba
@install.sql
alter session set container =pdb1;
@install.sql
-- 3. 一般ユーザへの権限付与
sqlplus / as sysdba
alter session set container =pdb1;
@04-grant-public.sql
call dbms_java.grant_permission( 'TEST', 'SYS:java.io.FilePermission', '<<ALLFILES>>', 'execute' );
grant javasyspriv to test;
-- 4. 動作確認
set long 20000
select os_command.exec_clob('/bin/ls /home/oracle') ret from dual;
(14)
https://www.ecomottblog.com/?p=1419
drop table tab1;
create table tab1(col1 text);
copy tab1 from program 'ls /var/lib/pgsql';
select * from tab1;
sp_configure 'show advanced options', 1
reconfigure
go
sp_configure 'xp_cmdshell', 1
reconfigure
go
exec xp_cmdshell 'dir C:\'
go
