This exploit demonstrates a SQL injection vulnerability in the Research Plans section of a web application powered by Oracle DBMS. The PoC leverages the `utl_inaddr.get_host_address` function to extract the database version banner.
Classification
Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: SIDA Portal (versions below 1389)
No auth needed
Prerequisites: Access to the vulnerable web form at `/Portal/Research/ResearchPlan/UserStart.aspx`