CVE-2009-0978

Oracle Database <11.1.0.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0978. PoCs published by MC, including Metasploit module auxiliary/sqli/oracle/lt_rollbackworkspace.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Oracle's SYS.LT.ROLLBACKWORKSPACE procedure (CVE-2009-0978) by injecting malicious SQL via base64-encoded payloads. It creates a malicious function, executes it through the vulnerable procedure, and cleans up afterward.

Description

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.

Exploits (1)

metasploit WORKING POC

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Oracle's SYS.LT.ROLLBACKWORKSPACE procedure (CVE-2009-0978) by injecting malicious SQL via base64-encoded payloads. It creates a malicious function, executes it through the vulnerable procedure, and cleans up afterward.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database (versions affected by CVE-2009-0978)

Auth required

Prerequisites: Valid Oracle database credentials · Execute privilege on SYS.LT package

MITRE ATT&CK