CVE-2008-3979

Oracle Database 10.1.0.5 and 10.2.0.2 - Authenticated SQL Injection via MDSYS.SDO_TOPO_DROP_FTBL Trigger

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3979. PoCs published by sh2kerr, including Metasploit module auxiliary/sqli/oracle/droptable_trigger.

AI-analyzed exploit summary This exploit leverages SQL injection in the MDSYS.SDO_TOPO_DROP_FTBL trigger to escalate privileges from a regular Oracle DB user to MDSYS, then to DBA by creating a malicious trigger in the system schema.

Description

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.

Exploits (2)

exploitdb WORKING POC VERIFIED

by sh2kerr · rubylocalmultiple

https://www.exploit-db.com/exploits/8074

View Code ZIP pw:eip

This exploit leverages SQL injection in the MDSYS.SDO_TOPO_DROP_FTBL trigger to escalate privileges from a regular Oracle DB user to MDSYS, then to DBA by creating a malicious trigger in the system schema.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database (specific version not specified)

Auth required

Prerequisites: Valid Oracle DB user credentials · Access to execute SQL commands

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/droptable_trigger.rb