Topic: Sql an injection in Oracle 12c
Kind time of days! There is David Litchfilda's known operation, describing usage sql - injections for obtaining of powers dba: http://www.davidlitchfield.com/Exploiti
In operation the example showing usage of unguarded procedure, created by the user sys is offered. Accordingly, having only access to this procedure and create session the privilege we can do everything that it is necessary for soul.
Problem in the following:
Let vulnerable procedure vulnProc is created not by the user sys, and user1 with a role dba.
Also there is a user user2, possessing rights of use of this procedure, the rights to creation of session and review of the tables created user1.
And here for the life of me, I can not understand how to use this vulnerability that user2 a smog make insert in the table user1.
I ask the help and council)