Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-25075 PoC — karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection

Source
https://github.com/epicosy/obridge
Associated Vulnerability
Title:karsany OBridge ProcedureDao.java getAllStandaloneProcedureAndFunction sql injection (CVE-2018-25075)
Description:A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376.
Description
obride with CVE-2018-25075
Readme
OBridge
=======

[![PayPal donate button](http://img.shields.io/paypal/donate.png?color=yellow)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=QQAFXN8GH5YFN&lc=GB&item_name=OBridge&currency_code=EUR&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted "Help OBridge development using Paypal")  


OBridge provides a simple Java source code generator for calling Oracle PL/SQL package procedures.

Supported input, output parameters and return values are:
  * BINARY_INTEGER
  * BOOLEAN
  * CHAR
  * CLOB
  * BLOB
  * DATE
  * NCHAR
  * NUMBER
  * NVARCHAR2
  * OBJECT - Oracle Object Type
  * PLS_INTEGER
  * TABLE - Table of Oracle Object Type
  * TIMESTAMP
  * VARCHAR2
  * RAW
  
The following types cannot be implemented, because JDBC driver does not supports them:
  * Types declared in source code
  * %ROWTYPE parameters
  
Generated code compiles with Java 1.6.

Usage
-----

Download the latest version from [releases](https://github.com/karsany/obridge/releases).

After downloading, create an XML configuration file:

```xml
<configuration>
	<jdbcUrl>jdbc:oracle:thin:scott/tiger@localhost:1521:xe</jdbcUrl> <!-- jdbc connection string for obridge -->
	<sourceRoot>.</sourceRoot> <!-- where to generate sources - related to this configuration file -->
	<rootPackageName>hu.obridge.test</rootPackageName> <!-- root Java package, generator builds the directory structure -->
	<packages>
		<entityObjects>objects</entityObjects> <!-- object types are going to this package -->
		<converterObjects>converters</converterObjects> <!-- converter util classes are going to this package -->
		<procedureContextObjects>context</procedureContextObjects> <!-- procedure parameter entities are going to this package -->
		<packageObjects>packages</packageObjects> <!-- procedure calling utility classes are going to this package -->
	</packages>
</configuration>
```
Run the generator:

	java -jar obridge.jar -c <obridge-config.xml>
		
OBridge connects to the specified database and generates the required classes.

Calling a PL/SQL procedure
--------------------------

For example you have the following PL/SQL code:

```sql
Create Or Replace Package simple_procedures is
  Function simple_func(a In Varchar2,
					   b In Out Varchar2,
					   c Out Varchar2) Return Number;
End simple_procedures;
```
Generated source:

```java
public class SimpleProcedures {
	public static SimpleProceduresSimpleFunc simpleFunc(String a, String b,  Connection connection) throws SQLException { ... }
}
```
You can call the SimpleProcedures.simpleFunc method:

```java
SimpleProceduresSimpleFunc ret = SimpleProcedures.simpleFunc("hello", "world", conn); // conn is the database connection
```
Return object will hold the input and output parameters, converted to Java types.
```java
public class SimpleProceduresSimpleFunc {

	private BigDecimal functionReturn;
	private String a;
	private String b;
	private String c;
	
	// getters, setters

}
```
File Snapshot

 [4.0K]  /data/pocs/c193e326b504e0f98a8ef0ef3d15d4ab1658c330
├── [  51]  build.cmd
├── [1.1K]  LICENSE.txt
├── [4.0K]  obridge-generator-test
│   ├── [  43]  database_connection.cmd.example
│   ├── [ 690]  install_database.cmd
│   ├── [1.1K]  LICENSE.txt
│   ├── [1.0K]  obridge.xml
│   ├── [1.8K]  pom.xml
│   └── [4.0K]  src
│       ├── [4.0K]  main
│       │   └── [4.0K]  java
│       │       └── [4.0K]  org
│       │           └── [4.0K]  obridge
│       │               └── [4.0K]  test
│       │                   └── [ 196]  App.java
│       └── [4.0K]  test
│           ├── [4.0K]  java
│           │   └── [4.0K]  org
│           │       └── [4.0K]  obridge
│           │           └── [4.0K]  test
│           │               ├── [1000]  BaseTest.java
│           │               └── [4.0K]  database
│           │                   └── [4.0K]  packages
│           │                       ├── [1.1K]  BlobTestTest.java
│           │                       ├── [1.5K]  NullityCheckTest.java
│           │                       ├── [ 941]  ProceduresAndFunctionsTest.java
│           │                       ├── [2.7K]  SimpleProceduresTest.java
│           │                       ├── [1.0K]  TestPackageBooleanTest.java
│           │                       └── [3.9K]  TestPackageTest.java
│           └── [4.0K]  resources
│               └── [ 123]  datasource.properties.example
├── [4.0K]  obridge-main
│   ├── [1.1K]  LICENSE.txt
│   ├── [5.0K]  pom.xml
│   └── [4.0K]  src
│       ├── [4.0K]  main
│       │   ├── [4.0K]  java
│       │   │   └── [4.0K]  org
│       │   │       └── [4.0K]  obridge
│       │   │           ├── [4.0K]  context
│       │   │           │   ├── [ 608]  Logging.java
│       │   │           │   ├── [2.6K]  OBridgeConfiguration.java
│       │   │           │   └── [2.2K]  Packages.java
│       │   │           ├── [4.0K]  dao
│       │   │           │   ├── [9.9K]  ProcedureDao.java
│       │   │           │   └── [5.4K]  TypeDao.java
│       │   │           ├── [4.0K]  generators
│       │   │           │   ├── [4.0K]  ConverterObjectGenerator.java
│       │   │           │   ├── [3.6K]  EntityObjectGenerator.java
│       │   │           │   ├── [4.7K]  PackageObjectGenerator.java
│       │   │           │   └── [3.3K]  ProcedureContextGenerator.java
│       │   │           ├── [4.0K]  mappers
│       │   │           │   ├── [4.0K]  builders
│       │   │           │   │   ├── [5.5K]  CallStringBuilder.java
│       │   │           │   │   └── [2.6K]  ParameterGetSetRegisterBuilder.java
│       │   │           │   └── [3.1K]  PojoMapper.java
│       │   │           ├── [4.0K]  model
│       │   │           │   ├── [4.0K]  data
│       │   │           │   │   ├── [2.1K]  BindParam.java
│       │   │           │   │   ├── [3.1K]  OraclePackage.java
│       │   │           │   │   ├── [7.1K]  ProcedureArgument.java
│       │   │           │   │   ├── [4.5K]  Procedure.java
│       │   │           │   │   ├── [7.7K]  TypeAttribute.java
│       │   │           │   │   └── [2.3K]  Type.java
│       │   │           │   └── [4.0K]  generator
│       │   │           │       ├── [2.0K]  PojoField.java
│       │   │           │       └── [2.4K]  Pojo.java
│       │   │           ├── [4.4K]  OBridge.java
│       │   │           └── [4.0K]  util
│       │   │               ├── [1.8K]  CodeFormatter.java
│       │   │               ├── [2.0K]  DataSourceProvider.java
│       │   │               ├── [1.8K]  FuncUtils.java
│       │   │               ├── [4.0K]  jdbc
│       │   │               │   ├── [1.4K]  JdbcTemplateException.java
│       │   │               │   ├── [3.8K]  JdbcTemplate.java
│       │   │               │   └── [1.4K]  RowMapper.java
│       │   │               ├── [1.8K]  MustacheRunner.java
│       │   │               ├── [1.5K]  OBridgeException.java
│       │   │               ├── [3.3K]  StringHelper.java
│       │   │               ├── [6.0K]  TypeMapper.java
│       │   │               └── [1.5K]  XStreamFactory.java
│       │   └── [4.0K]  resources
│       │       ├── [2.5K]  converter.mustache
│       │       ├── [4.0K]  org
│       │       │   └── [4.0K]  obridge
│       │       │       └── [  59]  obridge-project.properties
│       │       ├── [3.6K]  package.mustache
│       │       ├── [ 561]  pojo.mustache
│       │       ├── [1.4K]  PrimitiveTypeConverter.java.mustache
│       │       ├── [4.0K]  sniplets
│       │       │   ├── [ 238]  BLOB-GET.mustache
│       │       │   ├── [ 239]  BOOLEAN-GET.mustache
│       │       │   ├── [ 249]  DEFAULT-GET.mustache
│       │       │   ├── [ 236]  INTEGER-GET.mustache
│       │       │   ├── [ 204]  LIST-GET.mustache
│       │       │   ├── [ 195]  LIST-PRIMITIVE-GET.mustache
│       │       │   ├── [ 308]  OBJECT-GET.mustache
│       │       │   └── [ 238]  RAW-GET.mustache
│       │       └── [ 251]  StoredProcedureCallException.java.mustache
│       └── [4.0K]  test
│           ├── [4.0K]  java
│           │   └── [4.0K]  org
│           │       └── [4.0K]  obridge
│           │           ├── [ 752]  BaseTest.java
│           │           ├── [4.0K]  dao
│           │           │   ├── [1.4K]  ProcedureDaoTest.java
│           │           │   └── [1.8K]  TypeDaoTest.java
│           │           ├── [4.0K]  generators
│           │           │   └── [ 955]  EntityObjectGeneratorTest.java
│           │           ├── [4.0K]  mappers
│           │           │   ├── [4.0K]  builders
│           │           │   │   ├── [ 610]  CallStringBuilderTest.java
│           │           │   │   └── [ 567]  ParameterGetSetRegisterBuilderTest.java
│           │           │   └── [2.3K]  PojoMapperTest.java
│           │           ├── [1.6K]  OBridgeTest.java
│           │           └── [4.0K]  util
│           │               ├── [1.6K]  MustacheRunnerTest.java
│           │               ├── [ 984]  StringHelperTest.java
│           │               └── [1.2K]  XStreamFactoryTest.java
│           ├── [4.0K]  plsql
│           │   ├── [1.9K]  00_init.sql
│           │   ├── [4.3K]  01_simple_procedures.pck
│           │   ├── [6.8K]  02_test_package.pck
│           │   ├── [ 174]  03_test_procedure.prc
│           │   ├── [ 323]  04_exec_function.fnc
│           │   ├── [ 565]  05_plsql_type_example.pck
│           │   ├── [1.1K]  06_blob_test.pck
│           │   └── [1.5K]  07_nullity_check.pck
│           └── [4.0K]  resources
│               └── [ 123]  datasource.properties.example
├── [4.0K]  obridge-maven-plugin
│   ├── [1.1K]  LICENSE.txt
│   ├── [2.5K]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           └── [4.0K]  java
│               └── [4.0K]  org
│                   └── [4.0K]  obridge
│                       └── [4.0K]  maven
│                           └── [2.9K]  OBridgeMojo.java
├── [1.6K]  pom.xml
├── [2.9K]  README.md
├── [ 322]  shiftleft.yml
└── [  31]  test_all.cmd

53 directories, 91 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →