So Hey everyone I am back with another write-up this time its Oracle
This is a really short write-up and there wont be much info
So few weeks back I was sitting at home watching TV and looking at my linked in when the Postman came with my Udacity Swag and I saw a post by someone who found a XSS in Oracle so I thought lets find some..
So I didn't have my laptop ( because i was so lazy to go upstairs) but I had termux in my mobile so I ran sublister against oracle.com and landed on a sub domain which had a directory listing that contained some random stuff looking through it I found some sensitive info such as host names, ip address , passwords etc .
Feb 24 Reported the Issue
Mar 09 Initial Reply
Mar 14 Fix issued
Mar 23 Fixed and HOF approved for Oracle CPU April 17
And I was like