Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Redirection vulnerability in oracle entreprise manager
From: "handrix cobra" <handrix () gmail com>
Date: Sun, 25 Mar 2007 15:19:33 +0000

Product: Oracle Entreprise manager
Vulnerabilities: Phishing
Level: Medium
By: Handrix <handrix_at_morx_org>
25 March 2007
MorX security research team
www.morx.org

The oracle entreprise manager are vulnerable to phishing attack in help
rubric,
an attacker can redirect your login and password to an another malicious
website.
Any way feel free to verify the whole login page contenent before making
your sensible information on.

Other solution deactivate the help link

Simple request :
http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/


Version: Oracle entreprise manager 10g
May be others
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Redirection vulnerability in oracle entreprise manager handrix cobra (Mar 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]