Penetration Testing mailing list archives
Re: PerlModule Apache::AuthDBI
From: Martin Eiszner <martin () websec org>
Date: Thu, 9 Jan 2003 07:44:00 +0100
On Tue, 7 Jan 2003 17:29:55 -0800 "Joe Luna" <joeluna () socal rr com> wrote:
the username/password which I'm assuming is some sort of administrative account. What I'm not sure of is the type of database or even how to connect using the credentials gained from the conf file. Any pointers?
.. this tells you that they are using a postgreSql database. if you dont have a local account, postgresql might help you to get one. if you can find a single sql-injections flaw (http://www.owasp.org/asac/input_validation/sql.shtml) postgresql will supply you with anything you need. it supports multiple statements (1st'; your query; aso.) Mei mei () websec org http://www.websec.org ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- PerlModule Apache::AuthDBI Joe Luna (Jan 08)
- Re: PerlModule Apache::AuthDBI Jamie Lawrence (Jan 08)
- Re: PerlModule Apache::AuthDBI Jeff Dafoe (Jan 08)
- Re: PerlModule Apache::AuthDBI Martin Eiszner (Jan 21)