Thanks for the assistance guys. I'll inspect the contents of that schema
specifically in that case. I should have mentioned that I used
--exclude-sysdbs with the --dbs flag, I think I just had doubts about the
results even so! Unfortunately there are no ports other than 80 and 443
open so access to this is strictly through the web application we're
testing. I definitely need to learn more about Oracle.
Chris
On 25 May 2011 11:29, <ja...@ev6.net> wrote:
> Chris,
>
> Before bothering with Sqlmap for the injection it might be worth it to
> check if you can actually access the Oracle instance remotely. You can
> do this by connecting to the database on port 1521, this is
> 'tnslistener'.
>
> If you can connect to 1521/tcp there's a lot easier ways to
> manipulate/own the database without sqlmap. Probably quite faster. Also,
> having access to TNS increases your chances by 50% of owning the
> underlying OS.
>
> James
>
> On Wed, 25 May 2011 11:16:29 +0100, Chris Oakley wrote:
> > Hi All
> >
> > Not a sqlmap question as such, but maybe someone can help. I've
> > found an sqli flaw in a test that has resulted in the following:
> >
> > ---
> > banner: 'Oracle Database 10g Enterprise Edition Release
> > 10.2.0.4.0 - 64bi'
> > current user is DBA: 'False'
> > current user: 'IFSSYS'
> >
> > available databases [4]:
> > [*] CTXSYS
> > [*] IFSSYS
> > [*] SYS
> > [*] SYSTEM
> > ---
> >
> > These all seem to be system databases. I don't know enough about
> > Oracle to know if 1) they are all sys dbs 2) if there's anywhere I
> > can
> > go from here. The content of these databases seems to be all related
> > to privs and such within Oracle. What I'm looking for is the web app
> > data. Does anyone more familiar with Oracle know why it would only
> > be systems databases accessible through the sqli flaw?
> >
> > We can try other tactics later but I was just wondering if this is
> > normal from a data extraction point of view with Oracle. I've dumped
> > a fair amount of the data and there's none systems related so far...
> >
> > Cheers
> >
> > Chris
>
>
>
> ------------------------------------------------------------------------------
> vRanger cuts backup time in half-while increasing security.
> With the market-leading solution for virtual backup and recovery,
> you get blazing-fast, flexible, and affordable data protection.
> Download your free trial now.
> http://p.sf.net/sfu/quest-d2dcopy1
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
