Oracle 9i/10g Database OBJECT_TYPE Remote SQL Injection Vulnerability

Oracle 9i/10g Database OBJECT_TYPE Remote SQL Injection Vulnerability

There is no exploit required. A proof of concept exploit has been published by Argeniss. If the preconditions are met, this exploit will grant DBA privileges to user "SCOTT":

http://www.argeniss.com/research/OraDBMS_METADATAExploit.txt