• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle 9i Default Configuration File Information Disclosure Vulnerability

Oracle 9iAS includes two important configuration files called "XSQLConfig.xml" and "soapConfig.xml". The configuration files contain sensitive information, such as database usernames and passwords.

Both of these files are accessible to remote clients without any authentication. It is possible for malicious users to access and read the files through a virtual directory.

Possibly sensitive information disclosed to attackers may assist in further attacks.