CVE-2010-3600 PoC — Oracle Database Server Client System Analyzer组件未明漏洞

Source

https://github.com/LAITRUNGMINHDUC/CVE-2010-3600-PythonHackOracle11gR2

Associated Vulnerability

Title:Oracle Database Server Client System Analyzer组件未明漏洞 (CVE-2010-3600)
Description:Oracle Database Server是美国甲骨文（Oracle）公司的一套关系数据库管理系统。该数据库管理系统提供数据管理、分布式处理等功能。 Oracle Database Server 11.1.0.7和11.2.0.1版本，以及Enterprise Manager Grid Control 10.2.0.5版本的Client System Analyzer组件中存在未明漏洞。远程攻击者可借助未知向量影响机密性、完整性和可用性。

Description

This Python 3 script is for uploading shell (and other files) to Windows Server / Linux via Oracle 11g R2 (CVE-2010-3600).

File Snapshot


 [4.0K]  /data/pocs/110604fdefb066c298049312646723f5fbbaa83a
├── [5.0K]  aspx-shell.aspx
├── [2.0K]  HackOracle.py
└── [3.4K]  tiny-shell.php

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!