This is a follow-up to my previous post about SYSDBA keeping invoker rights when calling a PL/SQL procedure. There was no direct privilege escalation, but I mentioned that you need to craft your code so that it gets called by a SYSDBA user. This is what we are going to do now, and here is where the fun part starts.

Working on the previous test case a bit more, I figured that the same anomaly is observed with triggers. So here is one way to get your PL/SQL code called by a SYSDBA. In this case you need to be able to create a trigger on the database, i.e. you need the privileges ADMINISTER DATABASE TRIGGER and CREATE TRIGGER.
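An audit for the precondition described above, as an added example that is not part of the original post: it lists every grantee that holds ADMINISTER DATABASE TRIGGER, directly or through nested roles, and every trigger defined at database level. It assumes a session that can read the standard dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_TRIGGERS.

```sql
-- Added audit example (not from the original post).

-- 1. Who can create database-level triggers?
--    Covers direct grants and grants inherited through any depth of roles.
SELECT DISTINCT h.grantee, h.via
FROM (
    SELECT grantee, 'DIRECT' AS via
    FROM   dba_sys_privs
    WHERE  privilege = 'ADMINISTER DATABASE TRIGGER'
    UNION ALL
    SELECT rt.grantee, rt.root_role AS via
    FROM  (
            -- Walk role grants downward: root_role is the role that was
            -- granted, grantee is any user or role that ends up inheriting it.
            SELECT CONNECT_BY_ROOT granted_role AS root_role, grantee
            FROM   dba_role_privs
            CONNECT BY PRIOR grantee = granted_role
          ) rt
    JOIN   dba_sys_privs sp
           ON  sp.grantee   = rt.root_role
           AND sp.privilege = 'ADMINISTER DATABASE TRIGGER'
) h
ORDER BY h.grantee, h.via;

-- 2. Which triggers are defined ON DATABASE?
--    These fire for every session that raises the event, SYSDBA sessions
--    included, so each owner and trigger body deserves review.
--    TRIM guards against blank-padded BASE_OBJECT_TYPE values.
SELECT t.owner,
       t.trigger_name,
       t.triggering_event,
       t.status
FROM   dba_triggers t
WHERE  TRIM(t.base_object_type) = 'DATABASE'
ORDER  BY t.owner, t.trigger_name;
```

Any grantee in the first result that is not an administrative account, and any trigger in the second result owned by such an account, is a candidate for revoking the privilege or dropping the trigger.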