Thanks James
I'll take a look and also pass this on to the rest of the team.
Cheers
Chris
On 25 May 2011 12:10, wrote:
> Chris,
>
> If you like to learn about severely owning Oracle a nice place to start
> might be my blog =). http://security.is.doomed.org/wordpress/
>
> Also you can head o
Chris,
If you like to learn about severely owning Oracle a nice place to
start might be my blog =). http://security.is.doomed.org/wordpress/
Also you can head over to a friend of mines site,
http://pentestmonkey.net/cheat-sheets/ for all types of good SQL
injection cheat info. =)
There
Thanks for the assistance guys. I'll inspect the contents of that schema
specifically in that case. I should have mentioned that I used
--exclude-sysdbs with the --dbs flag, I think I just had doubts about the
results even so! Unfortunately there are no ports other than 80 and 443
open so access
Chris,
Before bothering with Sqlmap for the injection it might be worth it to
check if you can actually access the Oracle instance remotely. You can
do this by connecting to the database on port 1521, this is
'tnslistener'.
If you can connect to 1521/tcp there's a lot easier ways to
manip
p.s. in future for questions like this "if 1) they are all sys dbs"
there is a switch called: --exclude-sysdbs which will filter out all
system database names from --dbs output
kr
On Wed, May 25, 2011 at 12:23 PM, Miroslav Stampar
wrote:
> hi Chris.
>
> Oracle has a rather different "concept" fo
hi Chris.
Oracle has a rather different "concept" for databases (from dumping
point of view).
data is stored into "schemas" which are the same thing as "users", and
each user has it's tables under the same named schema.
that means that your best best would be to use the:
--tables -D IFSSYS
Hi All
Not a sqlmap question as such, but maybe someone can help. I've found an
sqli flaw in a test that has resulted in the following:
---
banner:'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 -
64bi'
current user is DBA:'False'
current user:'IFSSYS'
available databases
