Skip to content

auxiliary scanners oracle_version_scanner

carnal0wnage edited this page Apr 19, 2011 · 4 revisions

Author(s):

CG [carnal0wnage]

Description:

Checks the server headers for common Oracle Application Server (PL/SQL Gateway) Headers.
You may want to append /apex/ to the URL; http://example.com/apex/ as a check for Oracle Application Express Servers.

References:

http://www.owasp.org/index.php/Testing_for_Oracle

Module Options:

PROXYA                                      false      Proxy IP Address
PROXYP                                      false      Proxy Port Number
RURL      http://www.example.com/test.php   true       Target address

Options Explained (Module Specific):

RURL -- You may choose to append /apex/ to the URL to check for Oracle's Application Express Servers.

Real world example:

Our target is http://vulnservmadeupname.com and we'd like to enumerate for Oracle server headers. We need to set the Remote URL (RURL) and run

 set RURL http://vulnservmadeupname.com
 run
 
 wXf auxiliary(oracle_version_scanner)//> run
 -{*}- Oracle Application Server Found!
 -{*}- https://vulnservmadeupname.com is running Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (G;max-age=0+0;age=0;ecid=153322229599,1)

...and try again with /apex/ in the mix

set RURL http://vulnservmadeupname.com/apex/
run
Clone this wiki locally