While I was going through the Oracle Apache+WebDB vulnerability, I found something else also interesting, I don't know if anyone has posted this before, but here it goes any way. If you reques the following: http://>:<port>/pls/admin The following info is displayed: Sun, 3 Feb 2002 19:57:12 GMT No DAD configuration Found DAD name: PROCEDURE : URL : http:// >:<port>/pls/admin PARAMETERS : =========== ENVIRONMENT: ============ PLSQL_GATEWAY=WebDb GATEWAY_IVERSION=2 SERVER_SOFTWARE=Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_perl/1.22 GATEWAY_INTERFACE=CGI/1.1 SERVER_PORT= <port number> SERVER_NAME= <hostname> REQUEST_METHOD=GET QUERY_STRING= PATH_INFO=/admin SCRIPT_NAME=/pls REMOTE_HOST= REMOTE_ADDR= <My IP> SERVER_PROTOCOL=HTTP/1.1 REQUEST_PROTOCOL=HTTP REMOTE_USER= HTTP_CONTENT_LENGTH= HTTP_CONTENT_TYPE= HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) HTTP_HOST=<hostname:<port> HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-quickviewplus, */* HTTP_ACCEPT_ENCODING=gzip, deflate HTTP_ACCEPT_LANGUAGE=en-us HTTP_ACCEPT_CHARSET= HTTP_COOKIE= Authorization= HTTP_IF_MODIFIED_SINCE= Peace, Leandro Malaquias Consultor de Segurança em Redes Network Security Consultant
This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 19:22:57 PST