Oracle Cross Site Scripting Vulnerability - Adesh Kolte

Author:

Adesh Nandkishor Kolte (An Independent Cyber Security Researcher)

Founder of Toss Consultancy Pvt Ltd

Vulnerable Module:

Oracle Enterprise Performance Management Workspace

Severity Level:

Medium

Vulnerable URL:

https://docs.oracle.com/cd/E17236_01/epm.1112/hpm_user/frameset.htm?

Payload:

javascript:alert(/xss/)

Vulnerable Parameter:

frameset.htm?

Technical Details & Description:

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker
injects malicious scripts (also commonly referred to as a malicious payload) into a legitimate
website or web application. XSS is amongst the most rampant of web application
vulnerabilities and occurs when a web application makes use of unvalidated or unencoded
user input within the output it generates.

By leveraging XSS, an attacker does not target a victim directly. Instead, the attacker
exploits a vulnerability within a website or web application that the victim visits, essentially
using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.

How Cross-site Scripting works

In order to run malicious JavaScript code in a victim’s browser, an attacker must first find a
way to inject a payload into a web page that the victim visits. An attacker could also use
social engineering techniques to convince a user to visit a vulnerable page with an injected
JavaScript payload.

For an XSS attack to take place, the vulnerable website needs to directly include user
input in its pages. An attacker can then insert a string that will be used within the web page
and treated as code by the victim’s browser.
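
The point above, shown from the defender's side as an added example (not part of the original advisory and not Oracle's code). It assumes, which the advisory does not state, that a frameset-style help page uses its own query string as the address of the content frame; the host `docs.example.com`, the function names and the sample inputs are constructed.

```javascript
// Added example, not Oracle's code. Assumption: the frameset page uses its
// query string as the location of the content frame.
const BASE = "https://docs.example.com/help/frameset.htm"; // constructed placeholder

// Vulnerable pattern: the raw query string becomes the frame location, so a
// "javascript:" value would run as script in the page's origin.
function unsafeFrameTarget(query) {
  return decodeURIComponent(query);
}

// Hardened pattern: resolve the value against the page URL with the URL
// parser, then allow only https help pages in the frameset's own directory.
function safeFrameTarget(query, base = BASE) {
  const baseUrl = new URL(base);
  const dir = baseUrl.pathname.slice(0, baseUrl.pathname.lastIndexOf("/") + 1);
  let target;
  try {
    target = new URL(decodeURIComponent(query), baseUrl);
  } catch {
    return null; // malformed percent-escape or unparsable URL
  }
  if (target.protocol !== "https:") return null;       // javascript:, data:, ...
  if (target.origin !== baseUrl.origin) return null;   // other hosts, "//host/" forms
  if (!target.pathname.startsWith(dir)) return null;   // stay inside the help set
  if (!/\.html?$/i.test(target.pathname)) return null; // static help pages only
  return target.href;
}

// Constructed sample inputs.
const samples = [
  "javascript:alert(/xss/)",  // payload quoted in the advisory
  "%20JavaScript:alert(1)",   // the parser trims and lower-cases the scheme
  "//other.example/page.htm", // scheme-relative URL to another host
  "../../admin/index.htm",    // leaves the help directory
  "ch02s03.htm",              // legitimate relative help page
];
for (const q of samples) {
  console.log(JSON.stringify(q), "->", safeFrameTarget(q));
}
```

Checking the parsed URL's scheme, origin and path, rather than matching the string `javascript:` in the raw input, is what catches the case and whitespace variants.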

How to reproduce this issue?
1. Visit this URL; it triggers an XSS alert popup:

https://docs.oracle.com/cd/E17236_01/epm.1112/hpm_user/frameset.htm?javascript:alert(/xss/)

Proof Of Concept:

Vulnerability Status:

Fixed

Hall Of Fame:

Thanks For Reading :)