SHARE
CORE IMPACT v10 - Exploits Update (Fri Jan 29 2010)
OracleDB sys_context Remote Stack Overflow Exploit
Exploits/Remote [Linux]
• Fri Jan 29 2010
A buffer overflow vulnerability was found in the SYS_CONTEXT procedure in Oracle Database Server allows a valid database user to execute arbitrary code. The vulnerability can be exploited by any valid database user with CONNECT privileges. The buffer overflow can then be exploited by calling the SYS_CONTEXT() function. This module has two uses: One as a Remote Exploit, which needs authentication, and another as an SQL Injection OS Agent installer module, which needs an Oracle SQL Agent as a target.
Exploits Vulnerabiltiy: NOCVE-9999-40979