quentinhardy / odat

ODAT: Oracle Database Attacking Tool
1.62k stars 345 forks source link

`resources/sids.txt` Path is Not Relative #64

Open lpinilla opened 1 year ago

lpinilla commented 1 year ago

Hi!

I was testing out the tool and found a bug. I cloned the tool on a separate folder and then when accessing it from another directory by running /opt/odat/odat.py all -s $IP I get the following error:

[+] Checking if target $IP:1521 is well configured for a connection...
[+] According to a test, the TNS listener $IP:1521 is well configured. Continue...

[1] ($IP:1521): Is it vulnerable to TNS poisoning (CVE-2012-1675)?
[+] Impossible to know if target is vulnerable to a remote TNS poisoning because SID is not given.

[2] ($IP:1521): Searching valid SIDs
[2.1] Searching valid SIDs thanks to a well known SID list on the $IP:1521 server
Traceback (most recent call last):
  File "/opt/odat/odat.py", line 798, in <module>
    main()
  File "/opt/odat/odat.py", line 793, in main
    arguments.func(args)
  File "/opt/odat/odat.py", line 136, in runAllModulesOnEachHost
    runAllModules(args)
  File "/opt/odat/odat.py", line 185, in runAllModules
    validSIDsList = runSIDGuesserModule(args)
  File "/opt/odat/SIDGuesser.py", line 137, in runSIDGuesserModule
    sIDGuesser.searchKnownSIDs()
  File "/opt/odat/SIDGuesser.py", line 89, in searchKnownSIDs
    self.sids += self.__loadSIDsFromFile__()
  File "/opt/odat/SIDGuesser.py", line 52, in __loadSIDsFromFile__
    f = open(self.SIDFile)
FileNotFoundError: [Errno 2] No such file or directory: 'resources/sids.txt'

When running the script on the base folder of the repo, it works. Given that the file resources/sids.txt actually exist on the base folder, it makes me think that this path is not relative to the base folder but to the current dir of where the script is launched (pwd)