Sunday, November 27, 2011

Oracle Report Server - 2-cent hack trick

I am now working on a pentest in a government unit in Hong Kong; they simply expose numerous sexy confidential reports in their Oracle Report Server:

I would like to highlight two interesting points:
1. Execute servlet commands

2. Get some confidential reports from Google or target

For example, you could learn about other project funds from the government.

Enjoy :)

- Darkfloyd
Dark Floyd

1 comment:

Anonymous said...

Nice! Found some interesting parts... Have you informed Johny?