Re: [sqlmap-users] Oracle Results
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Oracle Results
|
From: Miroslav S. <mir...@gm...> - 2011-05-25 10:25:59
|
p.s. in future for questions like this "if 1) they are all sys dbs" there is a switch called: --exclude-sysdbs which will filter out all system database names from --dbs output kr On Wed, May 25, 2011 at 12:23 PM, Miroslav Stampar <mir...@gm...> wrote: > hi Chris. > > Oracle has a rather different "concept" for databases (from dumping > point of view). > > data is stored into "schemas" which are the same thing as "users", and > each user has it's tables under the same named schema. > > that means that your best best would be to use the: > > --tables -D IFSSYS <--- current user name > and then dump tables from there on > > also, be sure that you are using the latest revision from our repository > > kr > > On Wed, May 25, 2011 at 12:16 PM, Chris Oakley > <chr...@gm...> wrote: >> Hi All >> >> Not a sqlmap question as such, but maybe someone can help. I've found an >> sqli flaw in a test that has resulted in the following: >> >> --- >> banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - >> 64bi' >> current user is DBA: 'False' >> current user: 'IFSSYS' >> >> available databases [4]: >> [*] CTXSYS >> [*] IFSSYS >> [*] SYS >> [*] SYSTEM >> --- >> >> These all seem to be system databases. I don't know enough about Oracle to >> know if 1) they are all sys dbs 2) if there's anywhere I can go from here. >> The content of these databases seems to be all related to privs and such >> within Oracle. What I'm looking for is the web app data. Does anyone more >> familiar with Oracle know why it would only be systems databases accessible >> through the sqli flaw? >> >> We can try other tactics later but I was just wondering if this is normal >> from a data extraction point of view with Oracle. I've dumped a fair amount >> of the data and there's none systems related so far... >> >> Cheers >> >> Chris >> >> >> >> ------------------------------------------------------------------------------ >> vRanger cuts backup time in half-while increasing security. >> With the market-leading solution for virtual backup and recovery, >> you get blazing-fast, flexible, and affordable data protection. >> Download your free trial now. >> http://p.sf.net/sfu/quest-d2dcopy1 >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
