Re: PerlModule Apache::AuthDBI
From: Martin Eiszner (martin@websec.org)
Date: 01/09/03
- Previous message: Rob Lindenbusch: "RE: Checkpoint FW-1 on Nokia - potential user enumeration bug?"
- In reply to: Joe Luna: "PerlModule Apache::AuthDBI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Jan 2003 07:44:00 +0100 From: Martin Eiszner <martin@websec.org> To: "Joe Luna" <joeluna@socal.rr.com>
On Tue, 7 Jan 2003 17:29:55 -0800
"Joe Luna" <joeluna@socal.rr.com> wrote:
> the username/password which I'm assuming is some sort of administrative
> account.
> What I'm not sure of is the type of database or even how to connect
> using the credentials gained from the conf file.
> Any pointers?
.. this tells you that they are using a postgreSql database.
if you dont have a local account, postgresql might help you to get one.
if you can find a single sql-injections flaw (http://www.owasp.org/asac/input_validation/sql.shtml)
postgresql will supply you with anything you need. it supports multiple statements (1st'; your query; aso.)
Mei
mei@websec.org
http://www.websec.org
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Next message: Deus, Attonbitus: "Re: MS Terminal Services open to the world"
- Previous message: Rob Lindenbusch: "RE: Checkpoint FW-1 on Nokia - potential user enumeration bug?"
- In reply to: Joe Luna: "PerlModule Apache::AuthDBI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
