[ Security Tool ] OraFuzz V1

Here is a little tool I wrote yesterday to fuzz for various pages present in Oracle software.
These findings are generally pretty severe in their outcome, and as such administrators should be made aware of them.
These pages should be restricted through the use of proper access control lists.
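
One way to check that those access control lists are actually in effect, as an added example (not part of OraFuzz or the original post): a Python audit of web server access logs that flags any page under /reports/rwservlet/ served successfully to a client outside the admin networks. The log format, the `ADMIN_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the front-end web server writes Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# Path prefix taken from the post; the allowlist below is a constructed example.
SENSITIVE_PREFIX = "/reports/rwservlet/"
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def is_admin(ip_text):
    """True only if the client field is an IP inside an allowed admin network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as untrusted
    return any(ip in net for net in ADMIN_NETS)


def audit(lines):
    """Return (client, path, status) for sensitive pages served to non-admin clients."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and compare case-insensitively to be conservative.
        path = m["target"].split("?", 1)[0].lower()
        served = m["status"].startswith("2")
        if path.startswith(SENSITIVE_PREFIX) and served and not is_admin(m["ip"]):
            findings.append((m["ip"], path, int(m["status"])))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2014:10:01:02 +0200] "GET /reports/rwservlet/help? HTTP/1.1" 200 5120',
    '10.20.0.15 - - [12/Mar/2014:10:02:10 +0200] "GET /reports/rwservlet/help? HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2014:10:03:44 +0200] "GET /reports/rwservlet/help? HTTP/1.1" 403 312',
    '203.0.113.7 - - [12/Mar/2014:10:04:00 +0200] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, path, status in audit(SAMPLE):
        print(f"ACL gap: {path} returned {status} to {client}")
```

A finding means the page was delivered with a 2xx status to an address that the ACL should have refused; a 403 for the same request shows the restriction working.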

The application at this point only supports GET requests, but I will be updating that soon.

You can try for yourself with Google and a Google dork: inurl: /reports/rwservlet/help?

In short this software:

Scans for highly sensitive pages present on badly misconfigured Oracle servers. Additionally, the initial connection acts as a banner grab.

Initial connection and options: [screenshot: orafuzza]

and the fuzz scanning: [screenshot: orafuzz2png]

logging file page 1: [screenshot: orafuzzloga2]

logging file page 2: [screenshot: orafuzzlogb1]

[ .txt ] C-Source File.
[ .ZIP ] Project Files
[ .ZIP / .EXE ] Executable


~ by Rhys Mossom on March 12, 2014.
