CVE-2009-1977

Oracle Secure Backup 10.2.0.3 - Info Disclosure


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1977. PoCs were published by ikki and MC, including the Metasploit module auxiliary/admin/oracle/osb_execqr2.

AI-analyzed exploit summary: This exploit leverages CVE-2009-1977 for authentication bypass and CVE-2009-1978 for command injection in Oracle Secure Backup Administration Server. It establishes a non-interactive shell by writing command outputs to a temporary file.

Description

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.

Exploits (2)

exploitdb (working PoC, verified)
by ikki · tags: bash, remote, windows
https://www.exploit-db.com/exploits/9652

Classification: Working PoC (95% confidence)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Oracle Secure Backup Administration Server 10.3.0.1.0
Authentication required: none
Prerequisites: curl installed · network access to target · target running vulnerable Oracle Secure Backup Administration Server
Analyzed by devstral-2 on Feb 16, 2026
metasploit (working PoC)
by MC · tags: ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/oracle/osb_execqr2.rb

This Metasploit module exploits an authentication bypass (CVE-2009-1977) and command injection (CVE-2009-1978) in Oracle Secure Backup 10.3.0.1.0. It bypasses login via a crafted POST request to login.php, then injects a command into property_box.php using a session cookie.

Classification: Working PoC (100% confidence)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Oracle Secure Backup 10.3.0.1.0 (Win32)
Authentication required: none
Prerequisites: Network access to target · PHP session handling enabled
Analyzed by devstral-2 on Feb 16, 2026

References (8)

Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/35672
Third Party Advisory (Secunia): http://secunia.com/advisories/35776
Third Party Advisory (ZDI): http://www.zerodayinitiative.com/advisories/ZDI-09-058/
Third Party Advisory, VDB Entry (VUPEN): http://www.vupen.com/english/advisories/2009/1900
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/55903
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id?1022565
Third Party Advisory, VDB Entry (X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/51761

Scores

EPSS score: 0.8393
EPSS percentile: 99.3%

Details

Status: published
Products (1): oracle/secure_backup 10.2.0.3
Published: Jul 14, 2009
Tracked since: Feb 18, 2026