A simple and quick way to check if your SQL Developer by Oracle is vulnerable to SQL Injection (CVE-2023-3163), most commonly occurs when SQL Developer version < 23.1.0.# CVE-2023-3163-SQL-Injection-Prevention
A simple and quick way to check if your SQL Developer by Oracle is vulnerable to SQL Injection (CVE-2023-3163), most commonly occurs when SQL Developer version < 23.1.0.
CVE-2023-21969 Exploit - SQL Developer Vulnerability Check
Description
This repository contains a simple and intuitive exploit for CVE-2023-21969, a vulnerability found in SQL Developer versions prior to 23.1.0. The exploit allows you to check if your SQL Developer Database is vulnerable to SQL injection attacks. It is a quick method to assess the security of your database and identify potential risks.
Prerequisites
Before using this exploit, make sure you have the following requirements met:
SQL Developer version prior to 23.1.0 (E.g. 18.0.0)
Access to a SQL Developer Database, or any other DB system for testing purposes
Installation
To use this exploit, follow these steps:
1. Clone the repository to your local machine:
git clone https://github.com/George0Papasotiriou/CVE-2023-3163-SQL-Injection-Prevention
2. Change into the project directory:
cd cve-2023-21969-exploit
3. Just run Main.sql (For POSTGRE SQL Systems) or SQL Developer by Oracle.sql on your SQL Developer DB.
For SQL Developer by Oracle Systems, it is required to open the Dbms Output window, in order to see any fruitful messages regarding your system's security and integrity.
In order to open the Dbms Output window: click on the "View" menu on the top of the screen and then click on Dbms Output, a small window will apprear at the bottom of the script output window.
Disclaimer
Please note that this exploit is provided for educational and testing purposes only. Use it responsibly and with the explicit permission of the target system owner. The author and contributors of this repository are not responsible for any misuse or damage caused by the exploitation of this vulnerability. Currently the script is only able to detect a handful of SQL Injection attack vectors, and it is not recommended for sufficient testing, at least at its current state.
Contributing
If you would like to contribute to this project, feel free to submit pull requests or open issues on the repository. Contributions are always welcome and appreciated.
License
This project is licensed under the MIT License. Feel free to modify and distribute the code within the terms of the license.
Contact
For any questions or inquiries, you can reach out to the project owner:
Name: George Papasotiriou
Email: G.papasotiriou@acg.edu
Please provide clear and concise details when contacting for support or reporting issues.
[4.0K] /data/pocs/38b63a6eba5ee47322725cb32e3419e47f7c73b4
├── [1.1K] LICENSE
├── [2.3K] Main.sql
├── [2.5K] README.md
└── [2.3K] SQL Developer by Oracle.sql
0 directories, 4 files