
auxiliary scanners oracle_dad_scanner

cktricky edited this page Apr 18, 2011 · 5 revisions

Author(s):

CG [carnal0wnage]

Description:

This module scans for common Oracle Database Access Descriptors (DADs).

References:

http://www.owasp.org/index.php/Testing_for_Oracle

Module Options:

PROXYA                                      false      Proxy IP Address
PROXYP                                      false      Proxy Port Number
RURL      http://www.example.com/test.php   true       Target address
VERBOSE   true                              true       Show 404s and other errors

Options Explained (Module Specific):

VERBOSE -- Set to 'true' to show all response codes, including errors such as 404, 401 and 500. Otherwise wXf displays only 200, 301 and 302 response codes.

Real world example:

We'd like to test a potentially vulnerable site which may contain a Database Access Descriptor page. The target is www.hacktargetexample.com, port 443 (HTTPS). We'd like to observe all response codes.

set RURL https://www.hacktargetexample.com
set VERBOSE true
run