[sqlmap-users] Oracle Results
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Oracle Results
|
From: Chris O. <chr...@gm...> - 2011-05-25 10:16:36
|
Hi All Not a sqlmap question as such, but maybe someone can help. I've found an sqli flaw in a test that has resulted in the following: --- banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi' current user is DBA: 'False' current user: 'IFSSYS' available databases [4]: [*] CTXSYS [*] IFSSYS [*] SYS [*] SYSTEM --- These all seem to be system databases. I don't know enough about Oracle to know if 1) they are all sys dbs 2) if there's anywhere I can go from here. The content of these databases seems to be all related to privs and such within Oracle. What I'm looking for is the web app data. Does anyone more familiar with Oracle know why it would only be systems databases accessible through the sqli flaw? We can try other tactics later but I was just wondering if this is normal from a data extraction point of view with Oracle. I've dumped a fair amount of the data and there's none systems related so far... Cheers Chris |
