You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,7 @@ Usage examples of ODAT:
16
16
17
17
Tested on Oracle Database __10g__, __11g__, __12c__ and __18c__.
18
18
19
-
__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*).
19
+
__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*), *master-python3* branch (python 3 version).
20
20
21
21
Changelog
22
22
====
@@ -128,7 +128,7 @@ Thanks to ODAT, you can:
128
128
* DBMS_ADVISOR
129
129
*__delete files__ using:
130
130
* UTL_FILE
131
-
*__gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands): (__NEW__ : 2016/02/21)
131
+
*__gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands):
132
132
* CREATE ANY PROCEDURE
133
133
* CREATE PROCEDURE and EXECUTE ANY PROCEDURE
134
134
* CREATE ANY TRIGER (and CREATE PROCEDURE)
@@ -148,12 +148,11 @@ Thanks to ODAT, you can:
148
148
* pickup the session key and salt for arbitrary users
149
149
* attack by dictionary on sessions
150
150
* the [__CVE-2012-????__](https://twitter.com/gokhanatil/status/595853921479991297): A user authenticated can modify all tables who can select even if he can't modify them normally (no ALTER privilege).
151
-
* the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack) (__NEW__ : 25/03/2016)
151
+
* the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack)
152
152
*__search in column names__ thanks to the *search* module:
153
153
* search a pattern (ex: password) in column names
154
154
*__unwrap__ PL/SQL source code (10g/11g and 12c)
155
-
* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also (__NEW__ : 21/02/2016)
156
-
155
+
* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also
0 commit comments