Oracle O.S command execution through web apps

April 27, 2009

I finally managed to get this working. Just followed the instructions on the website:

http://sec.hebei.com.cn/bbs_topic.do?forumID=18&postID=4275&replyID=0&skin=1
&saveSkin=true&pages=0&replyNum=

These are the 5 steps:
1. create java class
2. give execute permissions on java
3. create function to run cmd
4. grant execute on function to public
5. run the command.

I have copied all the long SQL commands in a text file to make things easier.

An example of command execution is:

http://192.168.172.129:81/ora2.php?name=1%20and%201=
(select%20sys.LinxRunCMD(%27cmd.exe%20/c%20whoami%27)%20from%20dual)

The website also talks about some cool hacks to get the output of the command through OOB channels.

Comments

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trackback