auxiliary scanners oracle_modplsql_sqlinject

carnal0wnage edited this page Apr 19, 2011 · 1 revision

Author(s):

CG [carnal0wnage]

Description:

PL/SQL injection tester. Pass the path and the DAD, and the module tries common injection bypass methods. Pay careful attention to the slashes in URIPATH and DAD.

References:

http://www.owasp.org/index.php/Testing_for_Oracle

Module Options:

DAD       portal/                           true       The Database Access Descriptor
PROXYA                                      false      Proxy IP Address
PROXYP                                      false      Proxy Port Number
RURL      http://www.example.com/test.php   true       Target address
URIPATH   /pls/                             true       The URI PATH

Options Explained (Module Specific):

URIPATH -- The path that precedes the DAD (before portal).
DAD -- The DAD can change per site, depending on what the site has named it or whether the default DAD was left in place. Either way, change it if necessary.

Real world example:

Our target is http://vulnoraclesappisembarassingitself.com and it has a DAD at /pls/portal, which may be vulnerable to injection. Leave the default setting. If you change the DAD, append the '/' after the new name. For example, if changing from portal to portal30:

set DAD portal30/

The same applies to pls, except that the '/' is both prepended and appended. For example:

set URIPATH /expls/
set RURL http://vulnoraclesappisembarassingitself.com
run