Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PerlModule Apache::AuthDBI

From: Martin Eiszner <martin () websec org>
Date: Thu, 9 Jan 2003 07:44:00 +0100

On Tue, 7 Jan 2003 17:29:55 -0800
"Joe Luna" <joeluna () socal rr com> wrote:


the username/password which I'm assuming is some sort of administrative
account. 
What I'm not sure of is the type of database or even how to connect
using the credentials gained from the conf file. 
Any pointers?


.. this tells you that they are using a postgreSql database. 
if you dont have a local account, postgresql might help you to get one.

if you can find a single sql-injections flaw (http://www.owasp.org/asac/input_validation/sql.shtml) 
postgresql will supply you with anything you need. it supports multiple statements  (1st'; your query; aso.)



Mei
 


mei () websec org
http://www.websec.org

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: