
auxiliary scanners oas_cgi_scan

carnal0wnage edited this page Apr 19, 2011 · 1 revision

Author(s):

MC CG [carnal0wnage]

Description:

This module scans for common files on an Oracle Application Server and Oracle Database Server.
If you are having issues, set VERBOSE to TRUE to see all error codes.

References:

www.ngssoftware.com/papers/hpoas.pdf

Module Options:

Name      Current Setting                   Required   Description
DEMOS     false                             true       Enable checks for all the demo pages
PROXYA                                      false      Proxy IP Address
PROXYP                                      false      Proxy Port Number
RURL      http://www.example.com/test.php   true       Target address
VERBOSE   false                             true       Show all error codes or just 200/302

Options Explained (Module Specific):

DEMOS -- Set to 'true' if you'd like to enable tests for demo pages.

VERBOSE -- Set to 'true' to show all error codes (404, 401, 500, etc.); otherwise wXf will only display 200, 301 and 302 response codes.

Real world example:

The target is www.hacktargetexample.com, port 80 (HTTP). We'd like to test for both demo pages and common Oracle pages. Additionally, we'd like to observe all response codes.

set RURL http://www.hacktargetexample.com
set VERBOSE true
set DEMOS true
run
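
On the server side, a scan like the one above appears in the access log as one client requesting many distinct paths with mostly 404 responses, and the few 200/301/302 answers are the files the scanner reports back. The following Ruby is an added example, not part of wXf or the original page; the log lines, IP addresses, paths and thresholds are constructed assumptions.

```ruby
# Added example (not wXf code): spot a common-file scan in a web access log
# and list the paths it would have reported. All sample data is constructed.
SAMPLE_LOG = <<~LOG
  198.51.100.7 - - [19/Apr/2011:10:00:01 +0000] "GET /constructed/demo/page1 HTTP/1.1" 200 512
  198.51.100.7 - - [19/Apr/2011:10:00:01 +0000] "GET /constructed/demo/page2 HTTP/1.1" 404 210
  198.51.100.7 - - [19/Apr/2011:10:00:02 +0000] "GET /constructed/admin/a HTTP/1.1" 404 210
  198.51.100.7 - - [19/Apr/2011:10:00:02 +0000] "GET /constructed/admin/b HTTP/1.1" 302 0
  198.51.100.7 - - [19/Apr/2011:10:00:03 +0000] "GET /constructed/cgi/c HTTP/1.1" 404 210
  198.51.100.7 - - [19/Apr/2011:10:00:03 +0000] "GET /constructed/cgi/d HTTP/1.1" 404 210
  198.51.100.7 - - [19/Apr/2011:10:00:04 +0000] "GET /constructed/cgi/e HTTP/1.1" 404 210
  198.51.100.7 - - [19/Apr/2011:10:00:04 +0000] "GET /constructed/cgi/f HTTP/1.1" 404 210
  203.0.113.20 - - [19/Apr/2011:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024
  203.0.113.20 - - [19/Apr/2011:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024
  203.0.113.20 - - [19/Apr/2011:10:00:12 +0000] "GET /about.html HTTP/1.1" 200 2048
  203.0.113.20 - - [19/Apr/2011:10:00:15 +0000] "GET /missing HTTP/1.1" 404 210
LOG

# Common Log Format: client, ident, user, [time], "METHOD path proto", status, size
LINE_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) /

# Response codes the page says wXf displays when VERBOSE is false.
REPORTED = [200, 301, 302].freeze

# Returns { ip => { requests:, distinct_paths:, miss_ratio:, exposed: [...] } }
# for clients that requested many distinct paths and mostly received 404.
# The thresholds are assumptions; tune them against normal traffic.
def find_scanners(log, min_paths: 5, min_miss_ratio: 0.6)
  by_ip = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    m = LINE_RE.match(line)
    next unless m # skip lines that are not in the expected format
    by_ip[m[1]] << [m[3], m[4].to_i]
  end
  by_ip.each_with_object({}) do |(ip, hits), out|
    paths = hits.map(&:first).uniq
    ratio = hits.count { |_, code| code == 404 }.to_f / hits.size
    next unless paths.size >= min_paths && ratio >= min_miss_ratio
    # Paths that answered 200/301/302: what the scan found, so what to review.
    exposed = hits.select { |_, code| REPORTED.include?(code) }.map(&:first).uniq
    out[ip] = { requests: hits.size, distinct_paths: paths.size,
                miss_ratio: ratio.round(2), exposed: exposed }
  end
end

p find_scanners(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

The `exposed` list is the useful part for hardening: those are the files that answered the scan and should be removed or access-controlled if they are not needed.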