Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE

The module exploits an sql injection flaw in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure of the PL/SQL package DBMS_CDC_IPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1. Fixed with October 2008 CPU.


Rank


Authors


References


Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/sqli/oracle/dbms_cdc_ipublish
msf auxiliary(dbms_cdc_ipublish) > set RHOST [TARGET IP]
msf auxiliary(dbms_cdc_ipublish) > run


Module Options

DBPASS The password to authenticate with. (default: TIGER)
DBUSER The username to authenticate with. (default: SCOTT)
RHOST The Oracle host. (default: )
RPORT The TNS port. (default: 1521)
SID The sid to authenticate with. (default: ORCL)
SQL SQL to execute. (default: GRANT DBA TO SCOTT)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module