Saturday, February 21, 2009

New Oracle SQLI Coverage

MC recently added some recent Oracle SQLI exploits by Sh2kerr of Digital Security Research Group which is a great site if you are into Oracle stuff. Their Different ways to guess Oracle SIDs paper is really good.

Info here

adds coverage for:

Oct 08 CPU


They also published
droptable_trigger (MDSYS.SDO_TOPO_DROP_FTBL Trigger)

which is coverage for:

Jan 2009 CPU

all four exploits are in trunk. Enjoy!

1 comment:

Anonymous said...

If you not on the msf hackers mailing list, i sent this a few days ago: