p.s. in future for questions like this "if 1) they are all sys dbs" there is a switch called: --exclude-sysdbs which will filter out all system database names from --dbs output
kr On Wed, May 25, 2011 at 12:23 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > hi Chris. > > Oracle has a rather different "concept" for databases (from dumping > point of view). > > data is stored into "schemas" which are the same thing as "users", and > each user has it's tables under the same named schema. > > that means that your best best would be to use the: > > --tables -D IFSSYS <--- current user name > and then dump tables from there on > > also, be sure that you are using the latest revision from our repository > > kr > > On Wed, May 25, 2011 at 12:16 PM, Chris Oakley > <christopher.oak...@gmail.com> wrote: >> Hi All >> >> Not a sqlmap question as such, but maybe someone can help. I've found an >> sqli flaw in a test that has resulted in the following: >> >> --- >> banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - >> 64bi' >> current user is DBA: 'False' >> current user: 'IFSSYS' >> >> available databases [4]: >> [*] CTXSYS >> [*] IFSSYS >> [*] SYS >> [*] SYSTEM >> --- >> >> These all seem to be system databases. I don't know enough about Oracle to >> know if 1) they are all sys dbs 2) if there's anywhere I can go from here. >> The content of these databases seems to be all related to privs and such >> within Oracle. What I'm looking for is the web app data. Does anyone more >> familiar with Oracle know why it would only be systems databases accessible >> through the sqli flaw? >> >> We can try other tactics later but I was just wondering if this is normal >> from a data extraction point of view with Oracle. I've dumped a fair amount >> of the data and there's none systems related so far... >> >> Cheers >> >> Chris >> >> >> >> ------------------------------------------------------------------------------ >> vRanger cuts backup time in half-while increasing security. >> With the market-leading solution for virtual backup and recovery, >> you get blazing-fast, flexible, and affordable data protection. >> Download your free trial now. >> http://p.sf.net/sfu/quest-d2dcopy1 >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users