NI3
11-13-2003, 11:27 AM
Test ID: 11918
Category: CGI abuses
Title: Oracle 9iAS PORTAL_DEMO ORG_CHART
Summary: Tests for presence of Oracle9iAS PORTAL_DEMO.ORG_CHART
Description:
In your installation of Oracle 9iAS, it is possible to access
a demo (PORTAL_DEMO.ORG_CHART) via mod_plsql. Access to these pages should
be restricted, because it may be possible to abuse this demo for
SQL Injection attacks.
Solution:
Remove the Execute for Public grant from the PL/SQL package in schema
PORTAL_DEMO (REVOKE execute ON portal_demo.org_chart FROM public).
Please also check Oracle Security Alert 61 for patch information.
Risk factor : High
Copyright: This script is Copyright (C) 2003 Frank Berger
