
[DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability




Digital Security Research Group [DSecRG] Advisory    #DSECRG-09-025

http://dsecrg.com/pages/vul/show.php?id=125

Application:                    Oracle Secure Enterprise Search (SES)
Versions Affected:              Oracle Secure Enterprise Search (SES) version 10.1.8.2.0
Vendor URL:                     http://www.oracle.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       21.01.2009
Vendor response:                23.01.2009
Date of Public Advisory:        16.07.2009
CVE:                            CVE-2009-1968
Description:                    XSS in search query
Author:                         Alexandr Polyakov
                                Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)


Description
***********

A linked XSS vulnerability was found in the "search" script of Oracle Secure 
Enterprise Search (SES).



Details
*******


The vulnerability was found in the page /search/query/search. The vulnerable 
parameter is search_p_groups.

Example
*******

http://[localhost]:7777/search/query/search?search.timezone=&search_p_groups=";'><IMG%20SRC=javascript:alert(document.cookie)>&q=1234&btnSearch=Search


An attacker can send a malicious link to a logged-in administrator, obtain the 
administrator's cookie, and access the system with Administrator rights.
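
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it flags access-log requests to /search/query/search whose search_p_groups value decodes to HTML or script-URL characters. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint and parameter named in the advisory.
VULN_PATH, VULN_PARAM = "/search/query/search", "search_p_groups"
# Characters that let a reflected value break out of HTML, plus script-URL schemes.
SUSPICIOUS = re.compile(r"[<>\"']|javascript\s*:", re.IGNORECASE)
# Request line of a common/combined access-log entry (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_value(log_line):
    """Return the decoded search_p_groups value if it carries markup, else None."""
    m = REQUEST.search(log_line)
    url = urlsplit(m.group(1)) if m else None
    if url is None or url.path != VULN_PATH:
        return None
    # Split on '&' only: the advisory's example value itself contains ';'.
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) == VULN_PARAM:
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                return value
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Jul/2009:10:00:01 +0000] "GET /search/query/search?search.timezone=&search_p_groups=1&q=1234&btnSearch=Search HTTP/1.1" 200 5120',
    '10.0.0.9 - - [16/Jul/2009:10:02:13 +0000] "GET /search/query/search?search.timezone=&search_p_groups=%22;%27%3E%3CIMG%20SRC=javascript:alert(document.cookie)%3E&q=1234&btnSearch=Search HTTP/1.1" 200 5344',
    '10.0.0.9 - - [16/Jul/2009:10:03:40 +0000] "GET /search/query/search?search_p_groups=%253Cb%253E&q=x HTTP/1.1" 200 5200',
    '10.0.0.7 - - [16/Jul/2009:10:04:02 +0000] "GET /search/query/other?search_p_groups=%3Cb%3E HTTP/1.1" 404 312',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(i, v) for i, l in enumerate(lines, 1) if (v := suspicious_value(l))]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {VULN_PARAM} = {value!r}")
```
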



Fix Information
***************


Information was published in CPU July 2009.
All customers can download CPU patches by following the instructions from: 

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
 

Original advisory:
http://dsecrg.com/pages/vul/show.php?id=125

Credits
*******
Oracle gave credit to Alexandr Polyakov from Digital Security Company in 
CPU July 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
 



About
*****
Digital Security is one of the leading IT security companies in CEMEA, 
providing information security consulting, audit and penetration testing 
services, risk analysis and ISMS-related services and certification for ISO/IEC 
27001:2005 and PCI DSS standards. Digital Security Research Group focuses on 
application and database security problems with vulnerability reports, 
advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com




Polyakov Alexandr
Chief Information Security Analyst
______________________