[ Security Tool ] OraFuzz V1

Here is a little tool I wrote yesterday to fuzz for various pages present in Oracle software.
Findings of this kind are generally pretty severe in their outcome, so administrators should be made aware of them.
These pages should be restricted through the use of proper access control lists.

At this point the application only supports GET requests, but I will be updating that soon.

You can try for yourself with Google and a Google dork: inurl: /reports/rwservlet/help?

In short, this software scans for highly sensitive pages present on badly misconfigured Oracle servers. Additionally, the initial connection acts as a banner grab.
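For administrators checking whether their own server has been probed this way, the following is an added example (not part of OraFuzz or of the original post). It reads web server access-log lines and flags clients that guessed many paths or were actually served the page named above. The log lines, the placeholder paths and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2014:10:00:01 +0000] "GET /reports/rwservlet/help? HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2014:10:00:01 +0000] "GET /placeholder-a HTTP/1.1" 404 210
198.51.100.7 - - [12/Mar/2014:10:00:02 +0000] "GET /placeholder-b HTTP/1.1" 404 210
198.51.100.7 - - [12/Mar/2014:10:00:02 +0000] "GET /placeholder-c HTTP/1.1" 403 199
203.0.113.20 - - [12/Mar/2014:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.20 - - [12/Mar/2014:10:05:09 +0000] "GET /favicon.ico HTTP/1.1" 404 210
192.0.2.15 - - [12/Mar/2014:10:07:30 +0000] "GET /reports/rwservlet/help? HTTP/1.1" 403 199
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
SENSITIVE_PREFIX = "/reports/rwservlet/help"  # the path named in the post
MIN_MISSES = 3  # assumed threshold: distinct paths answered with 403/404


def analyse(log_text, min_misses=MIN_MISSES):
    """Return {client_ip: [reasons]} for clients that look like page fuzzers."""
    misses = defaultdict(set)   # client -> distinct paths refused or not found
    exposed = defaultdict(set)  # client -> sensitive paths served with 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # The post says the tool currently issues GET requests only.
        if not m or m.group(2) != "GET":
            continue
        client, _, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if status in ("403", "404"):
            misses[client].add(path)
        elif status == "200" and path.startswith(SENSITIVE_PREFIX):
            exposed[client].add(path)
    findings = {}
    for client in sorted(set(misses) | set(exposed)):
        reasons = []
        if len(misses[client]) >= min_misses:
            reasons.append("path-guessing")
        if exposed[client]:
            reasons.append("sensitive-page-served")  # access control is missing
        if reasons:
            findings[client] = reasons
    return findings


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A "sensitive-page-served" finding means the access control list is not in place; a lone 403 on that path, as for the third client in the sample, means it is.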

[Screenshot: initial connection and options]

[Screenshot: the fuzz scanning]

[Screenshot: logging file, page 1]

[Screenshot: logging file, page 2]


[ .txt ] C-Source File.
[ .ZIP ] Project Files
[ .ZIP / .EXE ] Executable


~ by Rhys Mossom on March 12, 2014.

