Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.
A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the
**ora_osb_lcookie** parameter in an HTTP request for
Apply the patch referenced in the Oracle Critical Patch Update for January 2009.
Exploit works on Oracle Secure Backup 10.1.0.3.
When exploiting Windows targets, SAINTexploit must be able to bind to port 69/UDP.
When exploiting Linux targets, the "nc" utility must be installed on the target platform.
The IO-Socket-SSL PERL module is required for this exploit to run. This module is available from <http://www.cpan.org/modules/by-module/IO/>.