
List:       full-disclosure
Subject:    [Full-disclosure] Oracle Reports Exploit - Remote Shell/Dump Passwords
From:       "NI  () root" <security () netinfiltration ! com>
Date:       2014-01-27 23:03:37
Message-ID: 52E6E5C9.2000904 () netinfiltration ! com



Exploit code released

Oracle Forms and Reports
9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone
Installation
11g if patch or workaround not applied
12g code rewrite has mitigated this vulnerability.

Undocumented PARSEQUERY function allows dumping database user/pass@db with
an unauthenticated browser. Patch/workaround doesn't seem to actually
address the parsequery problem but it seems they simply obfuscated it by
disabling diagnostic output.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3153

URLPARAMETER vulnerability allows browsing/downloading files, planting
files as well as gaining a remote shell

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3152 and
CVE-2012-????

Exploits can be found here

http://netinfiltration.com/

-- 
Dana Taylor
http://netinfilration.com
@netinfiltration
@miss_sudo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
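
A defender-side check for the two issues named in the message, as an added example that is not part of the original post or of the author's exploit code: it scans web access logs for the PARSEQUERY and URLPARAMETER keywords, including percent-encoded variants. The combined log format, the placeholder request paths and the sample lines are assumptions constructed for illustration; the message does not give the request layout.

```python
import re
from urllib.parse import unquote

# Keywords taken from the advisory text, mapped to the CVE it cites for each.
KEYWORDS = {"parsequery": "CVE-2012-3153", "urlparameter": "CVE-2012-3152"}

# Assumed log layout: Apache/NCSA combined format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded keywords still match."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per (log line, keyword) match; skip unparsable lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = fully_decode(m.group("target")).lower()
        for keyword, cve in KEYWORDS.items():
            if keyword in target:
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": int(m.group("status")),
                             "keyword": keyword, "cve": cve})
    return hits

# Constructed sample input: paths and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jan/2014:23:10:01 +0000] "GET /PLACEHOLDER/app?op=PARSEQUERY HTTP/1.1" 200 512',
    '198.51.100.9 - - [27/Jan/2014:23:11:40 +0000] "GET /PLACEHOLDER/app?URLPARAMETER=PLACEHOLDER HTTP/1.1" 200 88',
    '203.0.113.7 - - [27/Jan/2014:23:12:05 +0000] "GET /PLACEHOLDER/app?op=par%2573equery HTTP/1.1" 404 0',
    '192.0.2.44 - - [27/Jan/2014:23:12:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], hit["keyword"], hit["cve"])
```

A 200 status on a matching request deserves priority in triage, since the message states that the fix only disables diagnostic output.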