JBOSS application deploy via web
Last update data: 22 Jan 2008
First public release: 22 Jan 2008
Author: Ivan Verri aka raist (raist at mediaservice dot net)
JOBSS is an application server/middleware that use Apache Tomcat as jsp engine; this paper explains how to deploy a custom application in order to operate (read, write, execute) with the underlying O.S.
MSSQL Tips
Last update data: 22 Jan 2008
First public release: 22 Jan 2008
Author: Maurizio Agazzini aka inode (inode at mediaservice dot net)
This article is nothing new, but it focalizes on giving all information needed to do a sql injection on a SQL SERVER (mssql). All queries will not modify or add anything to the database.
Oracle cheat sheet
Last update data: 20 Feb 2008
First public release: 20 Feb 2008
Author: Ivan Verri aka raist (raist at mediaservice dot net), Piergiovanni (piergiovanni at mediaservice dot net)
An Oracle cheat sheet
Oracle Portal for Friends
Last update data: 22 Jan 2008
First public release: 22 Jan 2008
Author: Ivan Verri aka raist (raist at mediaservice dot net)
Oracle 10g Application Server till 10.1.2 .1.0 remote exploiting of what described in:
This example makes use of injection in ORASSO.HOME but these path also work:
- JAVA_AUTONOMOUS_TRANSACTION.PUSH
- XMLGEN.USELOWERCASETAGNAMES
- PORTAL.WWV_HTP.CENTERCLOSE
- ORASSO.HOME
- WWC_VERSION.GET_HTTP_DATABASE_INFO