Thursday, September 24, 2009

BToD > Intruder & Probing for Oracle's OWA_UTIL stored procedure

Today I am just giving a cheat sheet to load into Burp via Intruder > Preset List Payload Set. This list contains known Oracle owa_util.cellsprint bypasses (minus the first one), so you can detect whether or not you have a vulnerable stored procedure. It's probably not a good idea to have the PL/SQL gateway out in the open, but if it is, you can now detect whether or not it's easily exploited.

The preset list contains:


NOTE: STRIP THE QUOTATION MARKS OUT FROM ENCLOSING LBL SO IT IS ONLY LBL. I just had to enclose them to bypass blogspot's filter.

So create a notepad file containing this list. Send request for into Intruder.

Navigate to Intruder > Positions and add position markers around vulnerable_procedure like so:

Navigate to > Payload Preset List and click 'load':

Open the Oracle payload file:

Then start!

If you get a 403 response, you know you won't be able to access this. Otherwise, game on.
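From the defender's side, the same 403-versus-anything-else check can be run over the web server's access log to see whether owa_util requests are reaching the gateway. This is an added example, not part of the original post; the log format, the `/pls/dad/` path prefix and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format). Hosts, the /pls/dad/
# prefix and the procedure names are illustrative assumptions.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Sep/2009:10:00:01 +0000] "GET /pls/dad/OWA_UTIL.CELLSPRINT HTTP/1.1" 403 211
10.0.0.5 - - [24/Sep/2009:10:00:02 +0000] "GET /pls/dad/owa%5Futil.cellsprint HTTP/1.1" 200 1532
10.0.0.5 - - [24/Sep/2009:10:00:03 +0000] "GET /pls/dad/%256fwa_util.cellsprint HTTP/1.1" 404 300
10.0.0.9 - - [24/Sep/2009:10:00:04 +0000] "GET /pls/dad/app_home.show HTTP/1.1" 200 980
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')


def normalize(path):
    """Undo nested percent-encoding, drop whitespace/control bytes, lowercase."""
    for _ in range(3):  # bounded so a crafted path cannot loop forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return re.sub(r"[\s\x00-\x1f]", "", path).lower()


def scan(log_text):
    """Return (client, normalized_path, status, verdict) for owa_util requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        path = normalize(target.split("?", 1)[0])
        if "owa_util" not in path:
            continue
        # 403 means the gateway refused the call; any other status means the
        # request got past the block and the endpoint needs a closer look.
        verdict = "blocked" if status == "403" else "review"
        findings.append((client, path, int(status), verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
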

Happy Hacking!
