Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution | Metasploit Exploit Database (DB)

This module exploits a flaw (0 day) in the DBMS_JVM_EXP_PERMS package that allows any user with the CREATE SESSION privilege to grant themselves Java IO privileges. The flaw was identified by David Litchfield. The module works on 11g R1 and R2 (Windows only).

Rank

  • Normal

Authors

  • sid < sid [at] notsosecure.com >

Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/sqli/oracle/jvm_os_code_11g
msf auxiliary(jvm_os_code_11g) > set RHOST [TARGET IP]
msf auxiliary(jvm_os_code_11g) > run


Module Options

CMD        CMD to execute. (default: echo metasploit >> %SYSTEMDRIVE%\\unbreakable.txt)
DBPASS     The password to authenticate with. (default: TIGER)
DBUSER     The username to authenticate with. (default: SCOTT)
RHOST      The Oracle host. (default: )
RPORT      The TNS port. (default: 1521)
SID        The sid to authenticate with. (default: ORCL)
VERBOSE    Enable detailed status messages
WORKSPACE  Specify the workspace for this module