Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Oracle WebDB PL/SQL Proxy Access Vulnerability
> *********************************
> * Oracle WebDB PL/SQL Proxy Access Vulnerability
> *********************************
> Posted @ 28.12.2000 by Astral:
> Info:
>
> Remote: Yes
> Local: Yes
>
> Note: As posted to bugtraq:
>
> Description:
> Oracle WebDB is part of the Oracle Internet Application Server package,
> distributed by Oracle Corporation. A problem exists which can allow users
> unauthorized access to restricted resources.
>
> The problem occurs in the ability to query a running database using HTTP.
> By sending a custom crafted query to the HTTPD, it is possible for a remote
> user to discover sensitive information within the database such as the DAD
> name. In addition to discovery of the DAD, it's possible for a remote user
> to manipulate data via the web interface using SQL calls. These problems
> make it possible for a user with malicious intent to query a database for
> sensitive information, and further manipulate data within the database
> itself.
>
> Exploit:
> Currently we don't have information about an exploit concerning this
> vulnerability. If you have any info, please contact us at
> vulndb_at_403-security.org
>
> Fix:
> Currently we don't have information about a vendor patch concerning this
> vulnerability. If you have any info, please contact us at
> vulndb_at_403-security.org
>
> Credit:
> Michal Zalewski (lcamtuf_at_dione.ids.pl)
>
> Source:
> Security Focus
>
> ********************************
Received on Thu Dec 28 2000 - 10:02:18 CST