module
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
Disclosed | Created |
---|---|
Oct 13, 2010 | May 30, 2018 |
Disclosed
Oct 13, 2010
Created
May 30, 2018
Description
The module exploits an sql injection flaw in the CREATE_CHANGE_SET
procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege
on the vulnerable package can exploit this vulnerability. By default, users granted
EXECUTE_CATALOG_ROLE have the required privilege.
procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege
on the vulnerable package can exploit this vulnerability. By default, users granted
EXECUTE_CATALOG_ROLE have the required privilege.
Author
MC mc@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.