Chris, Before bothering with Sqlmap for the injection it might be worth it to check if you can actually access the Oracle instance remotely. You can do this by connecting to the database on port 1521, this is 'tnslistener'.
If you can connect to 1521/tcp there's a lot easier ways to manipulate/own the database without sqlmap. Probably quite faster. Also, having access to TNS increases your chances by 50% of owning the underlying OS. James On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote: > Hi All > > Not a sqlmap question as such, but maybe someone can help. I've > found an sqli flaw in a test that has resulted in the following: > > --- > banner: 'Oracle Database 10g Enterprise Edition Release > 10.2.0.4.0 - 64bi' > current user is DBA: 'False' > current user: 'IFSSYS' > > available databases [4]: > [*] CTXSYS > [*] IFSSYS > [*] SYS > [*] SYSTEM > --- > > These all seem to be system databases. I don't know enough about > Oracle to know if 1) they are all sys dbs 2) if there's anywhere I > can > go from here. The content of these databases seems to be all related > to privs and such within Oracle. What I'm looking for is the web app > data. Does anyone more familiar with Oracle know why it would only > be systems databases accessible through the sqli flaw? > > We can try other tactics later but I was just wondering if this is > normal from a data extraction point of view with Oracle. I've dumped > a fair amount of the data and there's none systems related so far... > > Cheers > > Chris ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
