Red-Database-Security GmbH is specialized in Oracle Security
Cross Site Scripting in iSQLPlus logon parameter
Details
The logon parameter of the iSQL*Plus login mask is vulnerable to Cross Site Scripting.

Example
http://server/isqlplus?action=logon&username=dummy%22%3e%3cscript%3ealert('CSS')%3c/script%3e\&password=dsfsd%3cscript%3ealert('CSS')%3c/script%3e

Patch Information
Apply the latest Oracle patchsets.

© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
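
A defender-side check for the request pattern shown in the example, added here and not part of the original advisory: it scans web access-log lines for /isqlplus requests whose username or password value contains angle brackets after URL decoding. The log lines, the function names and the choice of angle brackets as the trigger are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target inside a common-log-format line (assumed log layout).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a logon field never legitimately contains angle brackets.
MARKUP = re.compile(r"[<>]")
LOGON_FIELDS = ("username", "password")

def suspicious_params(target):
    """Return the logon fields of an /isqlplus request that carry markup."""
    parts = urlsplit(target)
    if not parts.path.lower().rstrip("/").endswith("/isqlplus"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in LOGON_FIELDS:
        for value in params.get(name, []):
            # parse_qs decodes once; decode again to catch double encoding.
            if MARKUP.search(value) or MARKUP.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan(lines):
    """Return (line number, affected fields) for every suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Nov/2005:10:00:01 +0000] "GET /isqlplus?action=logon&username=scott&password=x HTTP/1.1" 200 512
192.0.2.11 - - [02/Nov/2005:10:00:07 +0000] "GET /isqlplus?action=logon&username=dummy%22%3e%3cscript%3ealert('CSS')%3c/script%3e&password=dsfsd%3cscript%3ealert('CSS')%3c/script%3e HTTP/1.1" 200 530
192.0.2.12 - - [02/Nov/2005:10:00:09 +0000] "GET /index.html?username=%3cb%3e HTTP/1.1" 200 100
""".splitlines()

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```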