bsqlbf v2.5

April 13, 2010

I have updated bsqlbf and the latest version (2.5), has the following 2 additions:

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), with DBA Privs (11g R1 and R2)
Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions (10g R2, 11g R1 and R2)

For more details about these 2 attack vectors, please refer to the paper, Hacking Oracle From Web

Bsqlbf Homepage

Enjoy!

Comments

2 Comments

  • s0p says:
    April 16, 2010 at 9:15 am

    This is a very good script 🙂
    I have just a small note, I find it unfortunate that there is no feature to find bases, tables or columns names.
    So you must query the database manually 🙁

    Reply

1 Trackback

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackback