Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001

2009-01-16T00:00:00
ID SECURITYVULNS:DOC:21153
Type securityvulns
Reporter Securityvulns
Modified 2009-01-16T00:00:00

Description

Application: Oracle Application Server (SOA)
Versions Affected: Oracle Application Server (SOA) version 10.1.3.1.0
Vendor URL: http://www.oracle.com
Bugs: XSS
Exploits: YES
Reported: 10.01.2008
Vendor response: 11.01.2008
Date of Public Advisory: 13.01.2009
CVE: CVE-2008-4014
Description: XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP
Author: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)

Description


A linked XSS vulnerability was found in the BPEL module of Oracle Application Server (Oracle SOA Suite).

Details


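A linked XSS vulnerability was found in the BPEL module. On the page BPELConsole/default/activities.jsp, an attacker can inject XSS by appending it to the URL. The page writes the request's query string, unencoded, into the href attribute of the column-header link.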

Example


http://[localhost]:8888/BPELConsole/default/activities.jsp?'><script>alert('DSEC_XSS')</script>=DSecRG

The attacker must send the injected link to an administrator to obtain the administrator's cookie.

Code with injected XSS:


</th>
<th id="activityLabel" class="ListHeader" align="left" nowrap>
<a href='activities.jsp?'><script>alert('DSecRG_XSS')</script>=DSecRG&orderBy=label' class=HeaderLink>
Activity Label
</a>
</th>
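The reflection shown above next to an encoded version of the same link, as an added example that is not part of the original advisory and is not Oracle's code. The function names are hypothetical, and the rendering logic is an assumption modelled on the markup in the advisory, since the source of activities.jsp is not shown.

```python
# Added illustration: models the header link from the advisory's markup.
# Function names are hypothetical; this is not the source of activities.jsp.
import html
from urllib.parse import parse_qsl, urlencode


def sort_link_vulnerable(raw_query: str) -> str:
    """Behaviour described in the advisory: the raw query string is copied
    straight into a single-quoted href attribute."""
    return (f"<a href='activities.jsp?{raw_query}&orderBy=label' "
            "class=HeaderLink> Activity Label </a>")


def sort_link_hardened(raw_query: str) -> str:
    """Rebuild the query from parsed pairs, percent-encode it, then
    HTML-attribute-encode the whole URL before writing it into the page."""
    pairs = [(k, v) for k, v in parse_qsl(raw_query, keep_blank_values=True)
             if k != "orderBy"]                  # drop caller-supplied sort key
    pairs.append(("orderBy", "label"))
    url = "activities.jsp?" + urlencode(pairs)   # ' < > become %27 %3C %3E
    return (f"<a href='{html.escape(url, quote=True)}' "
            "class=HeaderLink> Activity Label </a>")


def contains_script_tag(markup: str) -> bool:
    """True if a literal <script tag survives in the rendered output."""
    return "<script" in markup.lower()


# Query string taken from the advisory's example URL.
ADVISORY_QUERY = "'><script>alert('DSEC_XSS')</script>=DSecRG"

if __name__ == "__main__":
    for render in (sort_link_vulnerable, sort_link_hardened):
        out = render(ADVISORY_QUERY)
        print(render.__name__, "->", out)
        print("  literal script tag in output:", contains_script_tag(out))
```

In the hardened output the only single quotes left are the two attribute delimiters, so the parameter name stays inside the href value.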


Fix Information


Information was published in CPU January 2009. All customers can download CPU patches by following the instructions at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Credits


Oracle credited Alexander Polyakov of Digital Security Company in CPU January 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

About


Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsec [dot] ru http://www.dsecrg.ru http://www.dsec.ru