Home page logo

bugtraq logo Bugtraq mailing list archives

Oracle Applications/Portal 9i/10g Cross Site Scripting
From: "putosoft softputo" <hasecorp () hotmail com>
Date: Fri, 22 Dec 2006 08:30:42 +0000

There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the Oracle Portal. The following is one that you may found in any version:


The following code will be generated:

<script language=javascript>
top.null = null;alert('Hello!');window.open('http://www.oracle.com/?fix_security_bugs_now&apos;, 'null');//.render(window);


There is no solution. As a workaround, enable mod_security if it's not. Otherwise wait 6 months/1 year for a patch from Oracle Corp.

Dale rienda suelta a tu tiempo libre. Mil ideas para exprimir tu ocio con MSN Entretenimiento. http://entretenimiento.msn.es/

  By Date           By Thread  

Current thread:
  • Oracle Applications/Portal 9i/10g Cross Site Scripting putosoft softputo (Dec 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]