CVE-2010-3600

Oracle Database Server <11.2.0.1 - Info Disclosure


Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-3600. PoCs published by Metasploit, LAITRUNGMINHDUC, 1c239c43f521145fa8385d64a9c32243, juan vazquez, including Metasploit module exploits/windows/oracle/client_system_analyzer_upload.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in Oracle Database 11g's Client System Analyzer component, allowing remote code execution via uploaded VBS and MOF files. It leverages directory traversal to place files in system directories and executes payloads through Windows Management Instrumentation.

Description

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/22714

This Metasploit module exploits an arbitrary file upload vulnerability in Oracle Database 11g's Client System Analyzer component, allowing remote code execution via uploaded VBS and MOF files. It leverages directory traversal to place files in system directories and executes payloads through Windows Management Instrumentation.

Classification: Working PoC 100% · Attack Type: RCE · Complexity: Moderate · Reliability: Reliable
Target: Oracle Database 11g 11.2.0.1.0
No auth needed
Prerequisites: Network access to Oracle Database Client System Analyzer on port 1158 · Windows target with WMI service
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 2 stars
by LAITRUNGMINHDUC · poc
https://github.com/LAITRUNGMINHDUC/CVE-2010-3600-PythonHackOracle11gR2

This repository contains a functional Python script that exploits CVE-2010-3600, an arbitrary file upload vulnerability in Oracle Database Client System Analyzer. The script uploads a malicious PHP shell to a target Oracle Enterprise Manager server via a directory traversal attack.

Classification: Working PoC 95% · Attack Type: RCE · Complexity: Moderate · Reliability: Reliable
Target: Oracle Database 11gR2 (Enterprise Manager)
No auth needed
Prerequisites: Network access to Oracle Enterprise Manager (default port 1158) · Oracle Database Client System Analyzer misconfiguration
devstral-2 · analyzed Feb 18, 2026
metasploit · WORKING POC · EXCELLENT
by 1c239c43f521145fa8385d64a9c32243, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/oracle/client_system_analyzer_upload.rb

This Metasploit module exploits an arbitrary file upload vulnerability in Oracle Database 11g's Client System Analyzer component, allowing remote code execution via uploaded VBS and MOF files. It leverages Windows Management Instrumentation (WMI) for execution.

Classification: Working PoC 100% · Attack Type: RCE · Complexity: Moderate · Reliability: Reliable
Target: Oracle Database 11g 11.2.0.1.0
No auth needed
Prerequisites: Network access to the target Oracle Database Client System Analyzer service (port 1158) · Target system must have WMI enabled
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2011/0139
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1024972
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/45883
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42895
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/64755
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42921
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-11-018/
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2011/0140

Scores

EPSS 0.7669
EPSS Percentile 99.5%

Details

Status published
Products (3)
oracle/database_server 11.1.0.7
oracle/database_server 11.2.0.1
oracle/enterprise_manager_grid_control 10.2.0.5
Published Jan 19, 2011
Tracked Since Feb 18, 2026