CVE-2007-5508

Oracle Database 10.1.0.5 and 10.2.0.3 - Authenticated SQL Injection in CTX_DOC Procedures

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5508. PoCs published by sh2kerr.

AI-analyzed exploit summary This exploit leverages SQL injection in Oracle 10g's CTX_DOC.MARKUP function to execute arbitrary PL/SQL code, granting DBA privileges to an unprivileged user. It demonstrates privilege escalation via autonomous transactions and malicious function execution.

Description

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.

Exploits (1)

exploitdb WORKING POC VERIFIED

by sh2kerr · textlocalmultiple

https://www.exploit-db.com/exploits/4564

View Code ZIP pw:eip

This exploit leverages SQL injection in Oracle 10g's CTX_DOC.MARKUP function to execute arbitrary PL/SQL code, granting DBA privileges to an unprivileged user. It demonstrates privilege escalation via autonomous transactions and malicious function execution.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database 10g (10.1.0.2.0)

Auth required

Prerequisites: Valid database credentials · Access to execute PL/SQL functions · CTXSYS schema availability

MITRE ATT&CK