lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <643933476.20090716181500@dsecrg.com>
Date: Thu, 16 Jul 2009 18:15:00 +0400
From: DSecRG <research@...crg.com>
To: bugtraq@...urityfocus.com, vuln@...unia.com,
	packet@...ketstormsecurity.org
Subject: [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked  XSS vulnerability



Digital Security Research Group [DSecRG] Advisory    #DSECRG-09-025

http://dsecrg.com/pages/vul/show.php?id=125

Application:                    Oracle Secure Enterprise Search (SES)
Versions Affected:              Oracle Secure Enterprise Search (SES) version 10.1.8.2.0  
Vendor URL:                     http://www.oracle.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       21.01.2009
Vendor response:                23.01.2009
Date of Public Advisory:        16.07.2009
CVE:                            CVE-2009-1968
Description:                    XSS IN search query                             
Author:                         Alexandr Polyakov
                                Digital Security Reasearch Group [DSecRG] (research [at] dsecrg [dot] com)


Description
***********

Linked XSS vulnerability found "search" script of Oracle Secure Enterprise Search (SES).  



Details
*******


Vulnerability found  In page /search/query/search. Vulnerable parameter search_p_groups.

Example
*******

http://[localhost]:7777/search/query/search?search.timezone=&search_p_groups="'><IMG%20SRC=javascript:alert(document.cookie)>&q=1234&btnSearch=Search


Attacker can send evil link to logged in administrator, get adminiatrators cookie access to system with Administrator rights



Fix Information
***************


Information was published in CPU July 2009.
All customers can download CPU petches following instructions from: 

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html 

Original advisory:
http://dsecrg.com/pages/vul/show.php?id=125

Credits
*******
Oracle give a credits for Alexandr Polyakov from Digital Security Company in CPU July 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html 



About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com




Polyakov Alexandr
Chief Information Security Analyst
______________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ