Chapter 11. Accessing the File System

Once a server has been compromised, an attacker may want to explore the file system — indeed, numerous Oracle files contain user IDs and passwords, so attackers may be able to elevate privileges if they have not already done so. Accessing the file system can be achieved using PL/SQL or Java. Because access to the file system is achieved with the privileges of the account used to run the server, attackers can gain direct, raw access to the database datafiles. As such, all database-enforced access control can be completely bypassed. You already saw this in Chapter 8, "Defeating Virtual Private Databases."
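An audit a DBA can run to see who is able to reach the operating-system file system from inside the database, as an added example that is not taken from the book. The page names only "PL/SQL or Java" as the access routes; this example assumes the usual mechanisms behind them (the `UTL_FILE` package, directory objects, and `java.io.FilePermission` grants), all read from standard data dictionary views.

```sql
-- Added example (not from the book): enumerate file-system reach from inside Oracle.
-- Run as a DBA. Every grantee listed acts on files with the OS privileges of the
-- account that runs the database server, so review each row for least privilege.

-- 1. Who may execute the PL/SQL file I/O package (assumed mechanism: UTL_FILE).
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  table_name = 'UTL_FILE'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 2. Directory objects, the OS paths they map to, and who may read or write them.
--    A path that covers datafiles, password files or configuration files is a finding.
SELECT d.directory_name, d.directory_path, p.grantee, p.privilege
FROM   dba_directories d
LEFT   JOIN dba_tab_privs p
       ON  p.owner      = d.owner
       AND p.table_name = d.directory_name
       AND p.privilege IN ('READ', 'WRITE')
ORDER  BY d.directory_name, p.grantee;

-- 3. Who may create directory objects pointing at arbitrary OS paths.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE ANY DIRECTORY'
ORDER  BY grantee;

-- 4. Java file permissions granted inside the database JVM.
--    NAME is the path pattern; ACTION lists read/write/delete/execute.
SELECT grantee, kind, name, action, enabled
FROM   dba_java_policy
WHERE  type_name = 'java.io.FilePermission'
ORDER  BY grantee, name;

-- 5. Legacy UTL_FILE_DIR setting; a value of '*' allows any path.
--    Returns no rows on releases where the parameter no longer exists.
SELECT name, value
FROM   v$parameter
WHERE  name = 'utl_file_dir';
```

Rows granted to `PUBLIC`, or paths that include the datafile directories, deserve the closest look, since a file read through any of these routes never passes through database access control.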
