forked from forced-request/wXf
auxiliary scanners oracle_version_scanner
carnal0wnage edited this page Apr 19, 2011 · 4 revisions
CG [carnal0wnage]
Checks the server's response headers for common Oracle Application Server (PL/SQL Gateway) headers.
You may want to append /apex/ to the URL (for example, http://example.com/apex/) to check for Oracle Application Express servers.
http://www.owasp.org/index.php/Testing_for_Oracle
Name    Current Setting                   Required  Description
PROXYA                                    false     Proxy IP Address
PROXYP                                    false     Proxy Port Number
RURL    http://www.example.com/test.php   true      Target address
RURL -- You may choose to append /apex/ to the URL to check for Oracle's Application Express Servers.
Our target is http://vulnservmadeupname.com and we'd like to enumerate Oracle server headers. We need to set the Remote URL (RURL) and run the module:
set RURL http://vulnservmadeupname.com
run
wXf auxiliary(oracle_version_scanner)//> run
-{*}- Oracle Application Server Found!
-{*}- https://vulnservmadeupname.com is running Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (G;max-age=0+0;age=0;ecid=153322229599,1)
...and try again with /apex/ in the mix
set RURL http://vulnservmadeupname.com/apex/
run
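To check your own front ends for the same kind of disclosure, the banner printed in the first run above can be split into its product tokens and versions. This is an added example, not wXf code: the function names and the token prefixes (taken from the sample banner on this page) are assumptions, as is the banner arriving in the HTTP Server response header.

```ruby
# Added example, not wXf code. Splits an HTTP Server header into product
# tokens and reports the Oracle ones together with any version they disclose.

# Assumption: these prefixes come from the sample banner on this page,
# not from the module's own signature list.
ORACLE_TOKEN = /\A(Oracle-Application-Server|Oracle-HTTP-Server|OracleAS-Web-Cache)/i

# Returns an array of { product:, version: } hashes; version is nil when the
# token carries no "/x.y.z" suffix. A nil or non-Oracle header yields [].
def oracle_banner_components(server_header)
  return [] if server_header.nil?

  # Drop parenthesised comments such as "(G;max-age=0+0;...)" before tokenising.
  tokens = server_header.gsub(/\([^)]*\)/, ' ').split
  tokens.filter_map do |token|
    product, version = token.split('/', 2)
    next unless product.match?(ORACLE_TOKEN)

    { product: product, version: version }
  end
end

# True when at least one Oracle token exposes an exact version string,
# which is the detail a hardened front end would normally suppress.
def discloses_oracle_version?(server_header)
  oracle_banner_components(server_header).any? { |c| c[:version] }
end

# Constructed sample inputs; the first is the banner shown in the run above.
SAMPLE_BANNERS = [
  'Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server ' \
  'OracleAS-Web-Cache-10g/10.1.2.0.2 (G;max-age=0+0;age=0;ecid=153322229599,1)',
  'Oracle-HTTP-Server',
  'Apache/2.2.3',
  nil
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_BANNERS.each do |banner|
    parts = oracle_banner_components(banner)
    puts "#{banner.inspect} -> #{parts.inspect} disclosed=#{discloses_oracle_version?(banner)}"
  end
end
```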