SQL-inj in ORACLE
Today I discovered the discoverability, which allows access to the MySQL DBMS and reading files on a server owned by ORACLE. Apparently, no one is immune from error.
Who cares, some details.
MySQL et al .: 5.0.75-log, Apache, Tomcat 5.5
OS: Sun-solaris2.8
Database:
information_schema
archivist
darkstar
darkstar_1_0
darkstar_metrics
darkstardownloads
devdarkstar
devwonderland
downloads
dsmetrics
export_ctrl
forums
jgoforums
joomlatest
mysql
navmap_suncom
news
newsdb
omc2006
omcforums
openhouse2005
openhouse2006
patents
people
publications
spaughts
spiders
spots
technicalreport
test
testing
webtemplate
webtemplate_bkup
wonderland
/ etc / passwd
root: x: 0: 0: [galaxy-db.sunlabs.com] Super-User: / root: / sbin / sh
ctoroot: x: 0: 0: [galaxy-db.sunlabs.com] Sun Labs IT administrative account: / ctoroot: / sbin / sh
webroot: x: 0: 0: [galaxy-db.sunlabs.com] Sun Labs Web Team administrative account: / webroot: / sbin / sh
daemon: x: 1: 1 :: /:
bin: x: 2: 2 :: / usr / bin:
sys: x: 3: 3 :: /:
adm: x: 4: 4 : Admin: / var / adm:
lp: x: 71: 8: Line Printer Admin: / usr / spool / lp:
uucp: x: 5: 5: uucp admin: / usr / lib / uucp:
nuucp: x: 9: 9: uucp admin: / var / spool / uucppublic: / usr / lib / uucp / uucico
smmsp: x: 25: 25: SendMail Message Submission Program: /:
listen: x: 37: 4: Network Admin: / usr / net / nls:
gdm: x: 50: 50: GDM Reserved UID: /:
webservd: x: 80: 80: WebServer Reserved UID: /:
postgres: x: 90: 90: PostgreSQL Reserved UID: /: / usr / bin / pfksh
svctag: x: 95: 12: Service Tag UID: /:
nobody: x: 60001: 60001: NFS Anonymous Access User: /:
noaccess: x: 60002: 60002: No Access User: /:
nobody4: x: 65534: 65534: SunOS 4.x NFS Anonymous Access User: /:
mysql: x: 99: 99 :: / home / mysql : / bin / false Unsubscribed
in ORACLE.
Who cares, some details.
MySQL et al .: 5.0.75-log, Apache, Tomcat 5.5
OS: Sun-solaris2.8
Database:
information_schema
archivist
darkstar
darkstar_1_0
darkstar_metrics
darkstardownloads
devdarkstar
devwonderland
downloads
dsmetrics
export_ctrl
forums
jgoforums
joomlatest
mysql
navmap_suncom
news
newsdb
omc2006
omcforums
openhouse2005
openhouse2006
patents
people
publications
spaughts
spiders
spots
technicalreport
test
testing
webtemplate
webtemplate_bkup
wonderland
/ etc / passwd
root: x: 0: 0: [galaxy-db.sunlabs.com] Super-User: / root: / sbin / sh
ctoroot: x: 0: 0: [galaxy-db.sunlabs.com] Sun Labs IT administrative account: / ctoroot: / sbin / sh
webroot: x: 0: 0: [galaxy-db.sunlabs.com] Sun Labs Web Team administrative account: / webroot: / sbin / sh
daemon: x: 1: 1 :: /:
bin: x: 2: 2 :: / usr / bin:
sys: x: 3: 3 :: /:
adm: x: 4: 4 : Admin: / var / adm:
lp: x: 71: 8: Line Printer Admin: / usr / spool / lp:
uucp: x: 5: 5: uucp admin: / usr / lib / uucp:
nuucp: x: 9: 9: uucp admin: / var / spool / uucppublic: / usr / lib / uucp / uucico
smmsp: x: 25: 25: SendMail Message Submission Program: /:
listen: x: 37: 4: Network Admin: / usr / net / nls:
gdm: x: 50: 50: GDM Reserved UID: /:
webservd: x: 80: 80: WebServer Reserved UID: /:
postgres: x: 90: 90: PostgreSQL Reserved UID: /: / usr / bin / pfksh
svctag: x: 95: 12: Service Tag UID: /:
nobody: x: 60001: 60001: NFS Anonymous Access User: /:
noaccess: x: 60002: 60002: No Access User: /:
nobody4: x: 65534: 65534: SunOS 4.x NFS Anonymous Access User: /:
mysql: x: 99: 99 :: / home / mysql : / bin / false Unsubscribed
in ORACLE.