Bsqlbf v 2.3 With Enhanced Oracle Exploitation

May 22, 2009

A new version of bsqlbf is now available. The following are the new additions:

 -type:        Type of injection:

        3:      Type 3  is extracting data with DBA privileges
                 (e.g. Oracle password hashes from sys.user$)
        4:      Type 4 is O.S code execution(default: ping
        5:      Type 5 is Reading O.S files(default: c:boot.ini)
Type 4 (O.S code execution) supports the following sub types:

 -stype:        How you want to execute command:

        0:      SType 0 (default) is based on java,
                universal but won't work against XE
        1:      SType 1 against oracle 9 with plsql_native_make_utility
        2:      SType 2 against oracle 10 with dbms_scheduler


./ -url -type 3 -match “true” -sql “select password from sys.user$ where rownum=1”

./ -url -type 4 -match “true” -cmd “ping”

./ -url -type 5 -match “true” -file “C:boot.ini”

Download from Project Homepage:

All these additions are based on dbms_export_extension exploit. This will work against the following oracle versions:
Oracle, –, –,, XE



Leave a Reply

Your email address will not be published. Required fields are marked *