module
Oracle iSQLPlus SID Check
Disclosed | Created |
---|---|
N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
This module attempts to bruteforce the SID on the Oracle application server iSQL*Plus
login pages. It does this by testing Oracle error responses returned in the HTTP response.
Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error.
Works against Oracle 9.2, 10.1 & 10.2 iSQL*Plus. This module will attempt to
fingerprint the version and automatically select the correct POST request.
login pages. It does this by testing Oracle error responses returned in the HTTP response.
Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error.
Works against Oracle 9.2, 10.1 & 10.2 iSQL*Plus. This module will attempt to
fingerprint the version and automatically select the correct POST request.
Authors
CG cg@carnal0wnage.com
todb todb@metasploit.com
todb todb@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.