Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Oracle

Re: [PEN-TEST] Oracle

From: Frazier, Thomas <Thomas.Frazier_at_USA.XEROX.COM>
Date: Mon, 5 Feb 2001 14:24:15 -0500

I remember a while ago there were some DoS stuff out for the Spyglass web
server (resides on the Application Tier). It would crash it under certain
circumstances.

You might want to make sure that the site has the configuration setup
properly. All 10.7NCA users are logging into the system using
applsyspub/pub as the username/password pair. From their, a login box
prompts you for a specific username and password. The database tier should
be setup to only allow connections to/from the application tier. You might
be able to bypass the app tier altogether and log into the db directly with
applsyspub/pub.

All of that and more should be in Metalinks....

Tom

-----Original Message-----
From: Simon Waters [mailto:Simon_at_wretched.demon.co.uk]
Sent: Friday, February 02, 2001 11:38 AM
To: PEN-TEST_at_SECURITYFOCUS.COM
Subject: Re: Oracle

Michael Graham wrote:
>
> Dear all,
>
> Is anyone aware of any vulnerabilities effecting Oracle 10.7 application?
I
> am currently auditing one yet, can't find any info in the usual places.

Have you had a dig at Oracle Metalink?

I assume you've looked for ordinary Oracle vulnerabilities?

        Simon 

--
Business http://www.eighth-layer.com/
Personal http://www.wretched.demon.co.uk/
Received on Feb 05 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos