Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Oracle 8i Security
From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Tue, 2 Nov 1999 12:54:35 -0500

This is probably present in other versions of Oracle as well, but I
noticed when fatfingering a table that if you try to create a referrential
integrity constraint on someone else's table, it presents the user with a
little too much information.  If the table does not exist in the other
user's schema, you get an 'ORA-00924: table or view does not exist',
however if the table exists and you don't have permission to reference it,
you get a different error (something similar to 'invalid access').

This can be used to find out what tables another schema owns without
having access to.  It's not a big deal for our implementation, but it
could be on others.

Thank you,

Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240
http://www.netrail.net

  By Date           By Thread  

Current thread:
  • Oracle 8i Security Jonathan A. Zdziarski (Nov 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]