Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 1/7
- This document contains information how to find Oracle Oracle technologies with Yahoo.
- It uses similar search strings like the document “Google Hacking of Oracle Technologies”
- This document is not static. Check for updates regularly.
- History: V1.00 - Initial release
- Database Logins
- iSQL*Plus is the web version of SQL*Plus the default user interface for the Oracle database
- iSQL*Plus
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus&ei=UTF-
- 8&n=10&fl=0&x=wrt
- iSQL*Plus 9.1
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.0.1&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.1
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.1&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.2
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.2&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.3
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.3&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.4
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.4&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.5
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.5&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 9.2.0.6
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 2/7
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A9.2.0.6&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 10.1
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A10.1&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 10.1.0.1
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A10.1.0.1&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 10.1.0.2
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A10.1.0.2&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 10.1.0.3
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A10.1.0.3&ei=UTF-8&n=10&fl=0&x=wrt
- iSQL*Plus 10.1.0.4
- http://search.yahoo.com/search?p=intitle%3AiSQL+intitle%3ARelease+inurl%3Aisqlplus+intitle%3
- A10.1.0.4&ei=UTF-8&n=10&fl=0&x=wrt
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 3/7
- Oracle Application Server:
- iAS Demopages
- http://search.yahoo.com/search?p=++%22inurl%3A%2FiASDemos.htm%22&ei=UTF-
- 8&n=10&fl=0&x=wrt
- http://search.yahoo.com/search?p=++%22inurl%3A%2FJ2EEandIA.htm%22&ei=UTF-
- 8&n=10&fl=0&x=wrt
- Oracle Forms
- Oracle Forms 6i (using CGI)
- http://search.yahoo.com/search?_adv_prop=web&x=op&ei=UTF-
- 8&va=f60cgi&va_vt=url&vp_vt=any&vo_vt=any&ve_vt=any&vd=all&vst=0&vf=all&vm=i&fl=0
- &n=100
- http://search.yahoo.com/search?p=+inurl%3Aifcgi60&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Forms 6i (using Servlets)
- http://search.yahoo.com/search?p=inurl%3Af60servlet&ei=UTF-8&n=100&fl=0&x=wrt
- and
- http://search.yahoo.com/search?p=allinurl%3A+oracle.forms.servlet&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Forms 9i
- http://search.yahoo.com/search?p=inurl%3Af90servlet&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Reports
- Oracle Reports 6i
- http://search.yahoo.com/search?p=inurl%3Arwcgi60&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Reports 9i
- http://search.yahoo.com/search?p=%22inurl%3Arwservlet%22+%22inurl%3Areports%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Discoverer
- Oracle Discoverer 9i Viewer
- http://search.yahoo.com/search?p=%22inurl%3Adiscoverer%2Fviewer%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Discoverer 9i Plus
- http://search.yahoo.com/search?p=%22inurl%3Adiscoverer%2Fplus%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Discoverer 10g
- http://search.yahoo.com/search?p=%22inurl%3Adiscoverer%2Fapp%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 4/7
- Oracle HTTP Server
- Browsable Oracle HTTP Server Directories
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle HTTP Server 1.3.12
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22+1.3.12&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle HTTP Server 1.3.19
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22+1.3.19&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle HTTP Server 1.3.22
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22+1.3.22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle HTTP Server 1.3.28
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22+1.3.28&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle HTTP Server 10g
- http://search.yahoo.com/search?p=%22Index+of%22++%22Oracle-HTTP-
- Server%22+Server+at+Port+%22Last+modified%22++%22Oracle-Application-Server-
- 10g%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Webdav
- http://search.yahoo.com/search?p=%22inurl%3A%2Fdav_public%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Single-Sign-On Page
- http://search.yahoo.com/search?p=%22intitle%3ASingle+Sign-
- On%22+%22Oracle+Corporation%22+%22All+rights+reserved%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- http://search.yahoo.com/search?p=%22inurl%3Apls%2Forasso%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Portal
- http://search.yahoo.com/search?p=%22inurl%3Apls%2Fportal%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 5/7
- Oracle HTMLDB
- http://search.yahoo.com/search?p=%22inurl%3Apls%2Fhtmldb%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Internet Directory OIDDAS
- http://search.yahoo.com/search?p=%22inurl%3Aoiddas%22&ei=UTF-8&n=100&fl=0&x=wrt
- Designer generated Web Application
- http://search.yahoo.com/search?p=%22inurl%3Apls%22+%22inurl%3Astartup%22+%22inurl%3A
- %24.%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Enterprise Manager
- Oracle Enterprise Manager 9i
- http://search.yahoo.com/search?p=%22inurl%3A%2Femd%2Fmain%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Enterprise Manager 10g
- http://search.yahoo.com/search?p=%22inurl%3A%2Fem%2Fconsole%22+%22intitle%3AOracle+E
- nterprise+Manager%22++Copyright+Oracle&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Ultrasearch
- http://search.yahoo.com/search?p=%22inurl%3A%2Fultrasearch%2Fquery%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Lite 9i
- http://search.yahoo.com/search?p=%22inurl%3Awebtogo%2Findex.html%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle Jinitator Download Page
- http://search.yahoo.com/search?p=%22inurl%3Ajinitiator%22+%22intitle%3AOracle+JInitiator%22
- +%22intitle%3ADownload+Page%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle mod_plsql-related
- Oracle DAD Config Page
- http://search.yahoo.com/search?p=%22inurl%3A%2Fpls%2Fadmin_%2Fgateway.htm%22+&ei=UT
- F-8&n=100&fl=0&x=wrt
- http://search.yahoo.com/search?p=inurl%3Aadmin_%2Fglobalsettings.htm&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 6/7
- Oracle Pages with wrong DAD configuration
- http://search.yahoo.com/search?p=%22No+DAD+configuration+Found%22++%22DAD+Name%22
- &ei=UTF-8&n=100&fl=0&x=wrt
- Oracle JDeveloper:
- Oracle OC4j connections.xml
- http://search.yahoo.com/search?p=+%22inurl%3Aconnections+xml%22+filetype%3Axml&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle JSP with error messages “at oracle.jsp”
- http://search.yahoo.com/search?p=%22at+oracle.jsp.%22+%22Exception%3A%22+%22Request+U
- RI%3A%22+%22JSP+Error%3A%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle JSP with error messages “at oracle.jdbc”
- http://search.yahoo.com/search?p=%22at+oracle.jdbc%22+%22Exception%3A%22++%22JSP+Erro
- r%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle UIX Applications:
- http://search.yahoo.com/search?p=inurl%3Auix+inurl%3Aimtapp&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle Web Conferencing:
- http://search.yahoo.com/search?p=%22inurl%3A%2Fimtapp%22+Conference&ei=UTF-
- 8&n=100&fl=0&x=wrt
- OracleAS Wireless Portal:
- http://search.yahoo.com/search?p=%22inurl%3Aptg%2Frm%22&ei=UTF-8&n=100&fl=0&x=wrt
- Oracle iLearning:
- http://search.yahoo.com/search?p=%22inurl%3A%2Filearn%2Fen%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle FilesOnline:
- http://search.yahoo.com/search?p=%22inurl%3A%2Ffiles%2Fapp%2FHomePage%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle iStore:
- http://search.yahoo.com/search?p=%22inurl%3A%2FOA_HTML%2F%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Oracle CRM Login Page:
- http://search.yahoo.com/search?p=%22inurl%3A%2FOA_HTML%2Fjtflogin.jsp%22&ei=UTF-
- 8&n=100&fl=0&x=wrt
- Yahoo Hacking of Oracle Technologies V1.00
- © 2005 by Red-Database-Security GmbH
- 7/7
- Related Links:
- Google Hacking for Oracle Technologies:
- http://www.red-database-security.com/wp/google_oracle_hacking_us.pdf
- Search Engines Used to Attack Databases:
- http://www.appsecinc.com/presentations/Search_Engine_Attack_Database.pdf
- Johnny Long’s Google Hacking Webpage:
- http://johnny.ihackstuff.com/
- Other Oracle security related documents:
- Hardening Oracle Application Server 9i Rel.1, 9i Rel.2 and 10g:
- http://www.red-database-security.com/wp/DOAG_2004_us.pdf
- Hardening Oracle DBA and Developer Workstations:
- http://www.red-database-security.com/wp/hardening_admin_pc_us.pdf
- Database Rootkits:
- http://www.red-database-security.com/wp/db_rootkits_us.pdf
- SQL Injection in Oracle Forms:
- http://www.red-database-security.com/wp/sql_injection_forms_us.pdf
- About Red-Database Security GmbH:
- Red-Database-Security GmbH is a specialist in Oracle Security. We are offerings Oracle security
- trainings, database and application server audits, penetration tests, oracle (security) architecture
- reviews and software security solutions against Oracle rootkits.
- Contact:
- If you have questions or comments you could contact us via
- info at red-database-security.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement