XSS in Oracle AS Portal 10g ~ VOGH- VOICE OF GREYHAT| Leading Resource of Cyber Updates & Hacker News

I. VULNERABILITY
-------------------------
XSS in Oracle Portal Database Access Descriptor

II. BACKGROUND
-------------------------
Oracle AS Portal is a Web-based application for building and deploying
portals. It provides a secure, manageable environment for accessing
and interacting with enterprise software services and information
resources.

III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in Oracle Application
Server, that allows the execution of arbitrary HTML/script code to be
executed in the context of the victim user's browser.

The code injection is done through the DAD name. A DAD (Database
Access Descriptor) is a set of values that specifies how a database
server should fulfill a HTTP request.

IV. PROOF OF CONCEPT
-------------------------
Original request:
http://<oracle-application-server>/portal/pls/<DAD>

Malicious request:
http://<oracle-application-server>/portal/pls/<XSS injection>

Example 1:
http://<oracle-application-server>/portal/pls/"<H1>XSS vulnerability<XSS

In this scenario, the attacker has the difficulty of being unable to
close the HTML tag because he's can not add the character "/" as part
of the code injection (DAD name). However, it is possible to generate
that character without appearing in the injection. Below is an example.

Example 2:
http://<oracle-application-server>/portal/pls/"<img src=""
onmouseover="document.body.innerHTML=String.fromCharCode(60,72,84,77,76,62,60,72,49,62,88,83,83,60,47,72,49,62,32,60,72,50,62,86,85,76,78,60,47,72,50,62);"><XSS

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can leverage to steal sensitive information as
user credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
Tested in Oracle Application Server Portal (Oracle AS Portal) 10g,
version 10.1.2. Other versions may be affected too.

VII. SOLUTION
-------------------------
Install last CPU (Critical Patch Update).

VIII. REFERENCES
-------------------------
http://www.oracle.com
http://www.isecauditors.com

IX. CREDITS
-------------------------
This vulnerability has been discovered
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).

X. REVISION HISTORY
-------------------------
August  11, 2010: Initial release
May     01, 2011: Final revision

XI. DISCLOSURE TIMELINE
-------------------------
August  11, 2010: Discovered by Internet Security Auditors
August  11, 2010: Oracle contacted including PoC.
August  12, 2010: Oracle inform that will investigate
                  the vulnerability.
April   19, 2011: Oracle fixed the vulnerability in the
                  CPU (Critical Patch Update).
May     01, 2011: Sent to lists.

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are vendor independent provider with a deep expertise
since 2001. Our efforts in R&D include vulnerability research, open
security project collaboration and whitepapers, presentations and
security events participation and promotion. For further information
regarding our security services, contact us.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

<a href=">XSS in Oracle AS Portal 10g"https://www.voiceofgreyhat.com/2011/05/xss-in-oracle-as-portal-10g.html</a>

LINK TO OUR HOME PAGE :

<a href=">VOGH- VOICE OF GREYHAT| Leading Resource of Cyber Updates & Hacker News"https://www.voiceofgreyhat.com/</a>

Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH

If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: vulnerablity