Oracle Secure Backup Administration property_box.php Other Variable Command Injection

Added: 09/29/2010
CVE: CVE-2010-0899
BID: 41616
OSVDB: 66333

Background

Oracle Secure Backup is a centralized tape backup management solution for Oracle Database.

Problem

A command injection vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary commands specified in the "other" parameter of an HTTP request for property_box.php.

Resolution

Apply the patch referenced in the Oracle Critical Patch Update for July 2009.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-119/
http://secunia.com/advisories/40595/

Limitations

Exploit works on Oracle Secure Backup 10.3.0.1.0.

The target Oracle Secure Backup Administration Server must be configured to listen on the HTTP port. A valid username and password for the Oracle Secure Backup Administration Server are also required.

The smbclient executable must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The SMB password must not contain single quotes (').

Platforms

Windows