Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET

The module exploits an sql injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.


Rank


Authors


References


Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/sqli/oracle/dbms_cdc_publish3
msf auxiliary(dbms_cdc_publish3) > set RHOST [TARGET IP]
msf auxiliary(dbms_cdc_publish3) > run


Module Options

DBPASS The password to authenticate with. (default: TIGER)
DBUSER The username to authenticate with. (default: SCOTT)
RHOST The Oracle host. (default: )
RPORT The TNS port. (default: 1521)
SID The sid to authenticate with. (default: ORCL)
SQL SQL to execute. (default: GRANT DBA TO SCOTT)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module