More On Oracle O.S command execution

May 1, 2009

I wrote a small perl script to automate this process. The script ‘’ exploits web based SQL Injections and execute O.S commands on the Oracle host.

Oracle command execution via web apps
sid-at-NotSoSecure //
suported versions <=, all platforms ------------------------------------------------------------------------ Usage:

EXAMPLE: ./ “’ ” “net user notsosecure n0tsos3cur3 /add”
EXAMPLE: ./ “ ” “net user notsosecure n0tsos3cur3 /add”

Download Here


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.