CVE-2006-2505

Oracle Database Server 10g Release 2 - SQL Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2505. PoCs published by bunker, N1V1Hd.

Description

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bunker · perl · remote · multiple
https://www.exploit-db.com/exploits/3269

This Perl script exploits CVE-2006-2505 in Oracle databases by leveraging the DBMS_EXPORT_EXTENSION package to grant or revoke DBA privileges to an unprivileged user. It creates a malicious package that executes arbitrary SQL commands when triggered by the vulnerable function.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database 9i/10g
Auth required
Prerequisites: Valid Oracle database credentials · Oracle InstantClient with DBD::Oracle
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by N1V1Hd · text · local · multiple
https://www.exploit-db.com/exploits/1719

This exploit leverages a vulnerability in Oracle 10g 10.2.0.2.0 by creating a malicious package that grants DBA privileges to an attacker-controlled user. It uses the DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA function to trigger the malicious payload.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database 10g 10.2.0.2.0
Auth required
Prerequisites: Access to a database user with sufficient privileges to create packages and execute DBMS_EXPORT_EXTENSION
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432078/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432354/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/932124
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19860
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17699
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/432355/100/0/threaded

Scores

EPSS 0.0209
EPSS Percentile 79.1%

Details

Status published
Products (1)
oracle/database_server release_2
Published May 22, 2006
Tracked Since Feb 18, 2026