Message-ID: <52E6E5C9.2000904@netinfiltration.com>
Date: Mon, 27 Jan 2014 18:03:37 -0500
From: "NI @root" <security@...infiltration.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Oracle Reports Exploit - Remote Shell/Dump Passwords
Exploit code released
Oracle Forms and Reports
9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation
11g if patch or workaround not applied
12g code rewrite has mitigated this vulnerability.
Undocumented PARSEQUERY function allows dumping database user/pass@db with
an unauthenticated browser. Patch/workaround doesn't seem to actually
address the parsequery problem; it seems they simply obfuscated it by
disabling diagnostic output.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3153
URLPARAMETER vulnerability allows browsing/downloading files, planting
files as well as gaining a remote shell
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3152 and
CVE-2012-????
Exploits can be found here
http://netinfiltration.com/
--
Dana Taylor
http://netinfilration.com
@netinfiltration
@miss_sudo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
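
Added example, not part of the original message and not the author's code: a log check a defender could run to find requests that mention the PARSEQUERY function or the URLPARAMETER parameter named in the advisory, including percent-encoded and double-encoded spellings. The log lines, the path /example-reports-path and the IP addresses are constructed placeholders, and the common/combined access-log format is an assumption.

```python
import re
from urllib.parse import unquote

# Tokens and the CVE each maps to, as named in the advisory above.
TOKENS = {"parsequery": "CVE-2012-3153", "urlparameter": "CVE-2012-3152"}

# Assumed common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def fully_decode(url, max_rounds=5):
    """Percent-decode repeatedly so double-encoded tokens are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def scan(lines):
    """Return one finding per token found in a request's decoded URL."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, _method, url, status = m.groups()
        decoded = fully_decode(url).lower()
        for token, cve in TOKENS.items():
            if token in decoded:
                findings.append({
                    "line": lineno, "client": client, "cve": cve,
                    "status": int(status),  # 200 deserves a closer look
                    # True when the token only appears after decoding
                    "encoded": token not in url.lower(),
                })
    return findings

# Constructed sample input (placeholder path, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2014:18:10:01 -0500] "GET /example-reports-path/PARSEQUERY?a=b HTTP/1.1" 200 512',
    '192.0.2.10 - - [27/Jan/2014:18:10:05 -0500] "GET /example-reports-path?x=1&%2555rlParameter=placeholder HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Jan/2014:18:11:00 -0500] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [27/Jan/2014:18:11:09 -0500] "GET /example-reports-path?urlparameter=placeholder HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Hits with status 200 and hits flagged "encoded" are the ones to triage first; a match on these tokens shows a request was made, not that it succeeded.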