MC recently added some recent Oracle SQLI exploits by Sh2kerr of Digital Security Research Group which is a great site if you are into Oracle stuff. Their Different ways to guess Oracle SIDs paper is really good.
Info here
http://trac.metasploit.com/changeset/6234
adds coverage for:
http://www.appsecinc.com/resources/alerts/oracle/2008-10.shtml
Oct 08 CPU
lt_compressworkspacetree.rb
lt_mergeworkspace.rb
lt_removeworkspace.rb
They also published
droptable_trigger (MDSYS.SDO_TOPO_DROP_FTBL Trigger)
which is coverage for:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
Jan 2009 CPU
all four exploits are in trunk. Enjoy!
If you not on the msf hackers mailing list, i sent this a few days ago:
ReplyDeletehttp://spool.metasploit.com/pipermail/framework-hackers/2009-February/000653.html