Cross Site Scripting Vulnerability in Oracle

In November, I reported a Cross Site Scripting bug which was affecting their domain "".

They fixed it within a month & I got listed in their Critical Patches Advisory later in January.


As you already know, Cross Site Scripting is an attack in which we can inject custom JavaScript code & the browser executes it as part of the page. For the proof of concept I used a simple alert(document.domain) payload, but exploitation is not limited to that.

The domain which was vulnerable was "".

Affected Parameter: tab=INJECT-HERE

Payload: v9msv'onmouseover='alert(document.domain)'style='position:absolute;width:100%;height:100%;top:0;left:0;'poeg2

Encoded: v9msv%27onmouseover=%27alert(document.domain)%27style=%27position:absolute;width:100%;height:100%;top:0;left:0;%27poeg2

So, adding it all up, the POC link was:;width:100%;height:100%;top:0;left:0;%27poeg2

Upon opening the link and moving your mouse cursor a little bit, the XSS would be triggered.
Maybe I'll do some other post about the above payload in the future, but I tried some other payloads on the Parameter which didn't work.
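
Why the payload works and how the fix looks, as an added example (not part of the original post and not Oracle's code): assuming the `tab` value is echoed unencoded into a single-quoted HTML attribute, which the payload's shape suggests but the post does not state, the sketch below renders the same value through a raw and an encoded template and lists the attributes a parser would see. The `div`/`data-tab` markup and all function names are hypothetical.

```javascript
// Added example: hypothetical template, not the vendor's code.
// Assumption: `tab` is reflected inside a single-quoted HTML attribute.

// Payload quoted in the post (decoded form).
const PAYLOAD = "v9msv'onmouseover='alert(document.domain)'" +
  "style='position:absolute;width:100%;height:100%;top:0;left:0;'poeg2";

// Vulnerable: raw concatenation, so a ' in the value closes the attribute.
function renderUnsafe(tab) {
  return "<div class='tabs' data-tab='" + tab + "'>";
}

// Hardened: encode every character that can end the attribute or start markup.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}
function renderSafe(tab) {
  return "<div class='tabs' data-tab='" + escapeAttr(tab) + "'>";
}

// Minimal lister of single-quoted attributes in one start tag. It only
// approximates an HTML parser, enough to show which attributes exist.
function attributeNames(tag) {
  const names = [];
  const re = /([^\s'"<>\/=]+)\s*=\s*'([^']*)'/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Defence in depth: a tab name needs no punctuation, so allow-list it
// before it ever reaches the template.
function isValidTab(tab) {
  return /^[A-Za-z0-9_-]{1,32}$/.test(tab);
}

console.log(attributeNames(renderUnsafe(PAYLOAD))); // injected handler and style appear
console.log(attributeNames(renderSafe(PAYLOAD)));   // only the template's own attributes
console.log(isValidTab(PAYLOAD), isValidTab("overview"));
```

With the raw template the value ends `data-tab` early and contributes its own `onmouseover` and `style` attributes; the full-page `style` is what makes any small mouse movement fire the handler. With encoding, the whole string stays inside `data-tab` as inert text.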


Thanks for reading, lots more things coming up!

