18 matches found
Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...
Oracle DB SQL Injection Via SYS.DBMS_METADATA.OPEN
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSMETADATA.OPEN', 'Description' = %q This module will escalate a Oracle DB user to DBA by exploiting an sql...
Oracle DB SQL Injection Via SYS.DBMS_METADATA.GET_XML
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSMETADATA.GETXML', 'Description' = %q This module will escalate an Oracle DB user to DBA by exploiting a sql...
Oracle DB SQL Injection In MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection in MDSYS.SDOTOPODROPFTBL Trigger', 'Description' = %q This module will escalate an Oracle DB user to MDSYS by exploiting ...
Oracle DB SQL Injection Via SYS.LT.ROLLBACKWORKSPACE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE', 'Description' = %q This module exploits a sql injection flaw in the ROLLBACKWORKSPACE...
Oracle DB SQL Injection Via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION', 'Description' = %q This module will escalate an Oracle DB user to DBA by...
Oracle DB Compliance Checks
Binary data oracledbcompliancecheck.nbin...
Oracle Instant Recovery fails with "Database is online. Failed to restore database files."
Challenge Instant Recovery of an Oracle DB with version 12.1-12.2 fails with the following error show in the console: Database is online. Failed to restore database files. Copy Veeam Log Example C:\ProgramData\Veeam\Backup\ExplorerStandByService\Logs\VEOR\InstantRecovery\session.log SSH output 3:...
U.S. Dept Of Defense: Followup - SQL Injection - https://██████████/██████/MSI.portal
Summary: Time based blind sql injection for parameter MSIadditionalFilterType1, at the following URL: https://███/███/MSI.portal?nfpb=true&pageLabel=msiportalpage61 Description: This is a follow up to a previous report I submitted: https://hackerone.com/reports/674838 The following page has a for...
Subex ROC Fraud Management System 7.4 SQL Injection Vulnerability
Subex ROC Fraud Management System version 7.4 suffers from a remote unauthenticated time-based blind SQL injection vulnerability. ======================================================================================= Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL...
Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
This module will escalate an Oracle DB user to DBA by exploiting a sql injection bug in the SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION package/function. This vulnerability affects to Oracle Database Server 9i up to 9.2.0.5 and 10g up to 10.1.0.4. This module requires Metasploit:...
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
The module exploits an sql injection flaw in the CREATECHANGESET procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module requires...
Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module will escalate an Oracle DB user to MDSYS by exploiting a sql injection bug in the MDSYS.SDOTOPODROPFTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege given to MDSYS user by creating evil trigger in system scheme 2-stage attack. This module...
Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION
This module will escalate an Oracle DB user to DBA by exploiting a sql injection bug in the DBMSEXPORTEXTENSION.GETDOMAININDEXMETADATA package. Note: This module has been tested against 9i, 10gR1 and 10gR2. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
This module exploits a sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle DB SQL Injection via SYS.DBMS_METADATA.OPEN
This module will escalate a Oracle DB user to DBA by exploiting an sql injection bug in the SYS.DBMSMETADATA.OPEN package/function. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL...
Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (Metasploit)
Oracle 10g - MDSYS.SDOTOPODROPFTBL SQL Injection Metasploit $Id: droptabletrigger.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CREATE ANY DIRECTORY to SYSDBA
I have found a serious privilege escalation in the Oracle DB that raises a lower privileged user with CREATE ANY DIRECTORY to that of SYSDBA by directly overwriting the hidden binary password file with a known binary password file via UTLDIR. Full discussion of how to defend and respond to this a...