1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::ORACLE
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Oracle SQL Generic Query',
14
        'Description' => %q{
15
          This module allows for simple SQL statements to be executed
16
          against an Oracle instance given the appropriate credentials
17
          and sid.
18
        },
19
        'Author' => [ 'MC' ],
20
        'License' => MSF_LICENSE,
21
        'References' => [
22
          [ 'URL', 'http://web.archive.org/web/20110322124810/http://www.metasploit.com:80/users/mc/' ],
23
        ],
24
        'DisclosureDate' => '2007-12-07',
25
        'Notes' => {
26
          'Stability' => [CRASH_SAFE],
27
          'SideEffects' => [IOC_IN_LOGS],
28
          'Reliability' => []
29
        }
30
      )
31
    )
32

33
    register_options(
34
      [
35
        OptString.new('SQL', [false, 'The SQL to execute.', 'select * from v$version']),
36
      ]
37
    )
38
  end
39

40
  def run
41
    return if !check_dependencies
42

43
    query = datastore['SQL']
44

45
    begin
46
      print_status("Sending statement: '#{query}'...")
47
      result = prepare_exec(query)
48
      # Need this if statement because some statements won't return anything
49
      if result
50
        result.each do |line|
51
          print_status(line)
52
        end
53
      end
54
    rescue StandardError
55
      return
56
    end
57
  end
58
end
59

60