Related information Oracle multiple security vulnerabilities ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1) CVE-2009-1979 (Oracle RDBMS) [DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities From:Andrea Purificato <a.purificato_(at)_uni.it> Date:30.11.2009Subject:Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and othersHi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATE_TABLES injection on Oracle DB 9i/10g (CVE-2009-1991) You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection: http://rawlab.mindcreations.com/codes/exploit/oracle/ctxsys-drvxtabc-create_table s.sql Cursor injection: http://rawlab.mindcreations.com/codes/exploit/oracle/ctxsys-drvxtabc-create_table sV2.sql Into the site you can find exploits for COMPRESSWORKSPACETREE, REMOVEWORKSPACE and MERGEWORKSPACE injections (SYS.LT) too. Regards, -- Andrea "bunker" Purificato Ethical Hacker @ Unidata S.p.A. http://rawlab.mindcreations.com
Oracle multiple security vulnerabilities
ACROS Security: HTML Injection in Oracle WebLogic Server Console (ASPR #2009-10-30-1)
CVE-2009-1979 (Oracle RDBMS)
[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities
