Hi All
Not a sqlmap question as such, but maybe someone can help. I've found an
sqli flaw in a test that has resulted in the following:
---
banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 -
64bi'
current user is DBA: 'False'
current user: 'IFSSYS'
available databases [4]:
[*] CTXSYS
[*] IFSSYS
[*] SYS
[*] SYSTEM
---
These all seem to be system databases. I don't know enough about Oracle to
know if 1) they are all sys dbs 2) if there's anywhere I can go from here.
The content of these databases seems to be all related to privs and such
within Oracle. What I'm looking for is the web app data. Does anyone more
familiar with Oracle know why it would only be systems databases accessible
through the sqli flaw?
We can try other tactics later but I was just wondering if this is normal
from a data extraction point of view with Oracle. I've dumped a fair amount
of the data and there's none systems related so far...
Cheers
Chris
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
