carnal0wnage and Attack Research join forces!

I'm happy to announce that carnal0wnage and Attack Research have joined blog forces!

The new home for the blog will be:

http://carnal0wnage.attackresearch.com/

Please point your RSS readers to the new location and enjoy.

With the new blog comes the ability for a few more people to post. If you want to contribute, please email c0arblog@attackresearch.com

-CG

Saturday, February 21, 2009

New Oracle SQLI Coverage

MC recently added some Oracle SQLI exploits by Sh2kerr of Digital Security Research Group, which is a great site if you are into Oracle stuff. Their "Different ways to guess Oracle SIDs" paper is really good.

Info here:
http://trac.metasploit.com/changeset/6234

The changeset adds coverage for:
http://www.appsecinc.com/resources/alerts/oracle/2008-10.shtml

Oct 08 CPU

lt_compressworkspacetree.rb
lt_mergeworkspace.rb
lt_removeworkspace.rb

They also published:
droptable_trigger (MDSYS.SDO_TOPO_DROP_FTBL Trigger)

which is coverage for:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Jan 2009 CPU

All four exploits are in trunk. Enjoy!


1 comment:

MC said...

If you're not on the msf hackers mailing list, I sent this a few days ago:

http://spool.metasploit.com/pipermail/framework-hackers/2009-February/000653.html