SHARE
CORE IMPACT v9 - Exploits Update (Fri Oct 09 2009)
Oracle Secure Backup Remote Command Execution Exploit
Exploits/Remote Code Execution [Windows]
• Fri Oct 09 2009
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities.
Exploits Vulnerabiltiy: CVE-2009-1977