Metasploit modules that can be used to exploit Oracle » Database Server
Oracle TNS Listener Checker
Disclosure Date: 2012-04-18
First seen: 2020-04-26
auxiliary/scanner/oracle/tnspoison_checker
This module checks the server for vulnerabilities like TNS Poison. The module sends the server a packet with a command to register a new TNS Listener and checks for a response indicating an error. If the registration returns an error, the target is not vulnerable. Otherwise, the target is vulnerable to malicious registrations.
Authors:
- ir0njaw (Nikita Kelesis) <nikita.elkey@gmail.com>

Oracle Database Client System Analyzer Arbitrary File Upload
Disclosure Date: 2011-01-18
First seen: 2020-04-26
exploit/windows/oracle/client_system_analyzer_upload
This module exploits an arbitrary file upload vulnerability in the Client Analyzer component included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on Windows 2003 SP2, where execution through the Windows Management Instrumentation service has been used.
Authors:
- 1c239c43f521145fa8385d64a9c32243
- juan vazquez <juan.vazquez@metasploit.com>

Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
Disclosure Date: 2010-10-13
First seen: 2020-04-26
auxiliary/sqli/oracle/dbms_cdc_publish3
The module exploits a SQL injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
Authors:
- MC <mc@metasploit.com>

Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
Disclosure Date: 2010-04-26
First seen: 2020-04-26
auxiliary/sqli/oracle/dbms_cdc_publish2
The module exploits a SQL injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
Authors:
- MC <mc@metasploit.com>

Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
Disclosure Date: 2010-02-01
First seen: 2020-04-26
auxiliary/sqli/oracle/jvm_os_code_10g
This module exploits a flaw (0 day) in the DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves Java IO privileges. Identified by David Litchfield. Works on 10g R2, 11g R1 and R2 (Windows only).
Authors:
- sid <sid@notsosecure.com>

Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
Disclosure Date: 2010-02-01
First seen: 2020-04-26
auxiliary/sqli/oracle/jvm_os_code_11g
This module exploits a flaw (0 day) in the DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves Java IO privileges. Identified by David Litchfield. Works on 11g R1 and R2 (Windows only).
Authors:
- sid <sid@notsosecure.com>

Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
Disclosure Date: 2009-10-20
First seen: 2020-04-26
exploit/windows/oracle/tns_auth_sesskey
This module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long AUTH_SESSKEY value to the TNS service, an attacker may be able to execute arbitrary code.
Authors:
- jduck <jduck@metasploit.com>

Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
Disclosure Date: 2007-10-17
First seen: 2020-04-26
auxiliary/sqli/oracle/lt_findricset_cursor
This module will escalate an Oracle DB user to DBA by exploiting a SQL injection bug in the SYS.LT.FINDRICSET package via the Evil Cursor technique. Tested on Oracle 10.1.0.3.0; should work through 10.1.0.5.0 and supposedly on 11g. Fixed with the Oracle Critical Patch Update of October 2007.
Authors:
- CG <cg@carnal0wnage.com>

Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION
Disclosure Date: 2006-04-26
First seen: 2020-04-26
auxiliary/sqli/oracle/dbms_export_extension
This module will escalate an Oracle DB user to DBA by exploiting a SQL injection bug in the DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA package. Note: This module has been tested against 9i, 10gR1 and 10gR2.
Authors:
- MC <mc@metasploit.com>

Oracle 9i XDB FTP PASS Overflow (win32)
Disclosure Date: 2003-08-18
First seen: 2020-04-26
exploit/windows/ftp/oracle9i_xdb_ftp_pass
Passing an overly long string to the PASS command causes a stack-based buffer overflow. David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB) during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference.
Authors:
- MC <mc@metasploit.com>

Oracle 9i XDB FTP UNLOCK Overflow (win32)
Disclosure Date: 2003-08-18
First seen: 2020-04-26
exploit/windows/ftp/oracle9i_xdb_ftp_unlock
Passing an overly long token to the UNLOCK command causes a stack-based buffer overflow. David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB) during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference. Oracle9i includes a number of default accounts, including dbsnmp:dbsmp, scott:tiger, system:manager, and sys:change_on_install.
Authors:
- MC <mc@metasploit.com>
- David Litchfield <david@ngssoftware.com>

Oracle 9i XDB HTTP PASS Overflow (win32)
Disclosure Date: 2003-08-18
First seen: 2020-04-26
exploit/windows/http/oracle9i_xdb_pass
This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB) during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference.
Authors:
- MC <mc@metasploit.com>

12 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.