Multiple vulnerabilities in Oracle EBS

I’m writing about multiple vulnerabilities which were found while testing for a private program. I would like to thank dlitchfield for the XSS and SQLi.

After the enumeration, I got to know that xyz.com is using Oracle EBS, so I found multiple vulnerabilities in it.

SQL Injection

Description:

It was observed that the page biccfgd2.jsp is vulnerable to SQL injection, which may lead to application compromise. An attacker may add, modify and delete application data.

Impact:

An attacker may perform a wide range of attacks that can be delivered via SQL injection, including reading or modifying critical application data and interfering with application logic. Further, this vulnerability can be exploited to escalate privileges.

POC:

I set up Netcat and ran the following query:

As can be seen, an HTTP request was made from the vulnerable server to our attacking machine.

XML External Entity Injection

Description:

It was observed that the current installation of WFMs is vulnerable to an XML External Entity (XXE) attack, which may lead to sensitive information disclosure and data exfiltration as well as Server Side Request Forgery.

Impact:

An attacker may perform a wide range of attacks, such as reading local system files containing sensitive information, or using the server as a proxy to perform further attacks such as port scanning and exploiting other nodes on the same network.

POC:

Set up a netcat listener, log in as the SOCSupervisor user and go to the following link:

After modifying the request

As can be seen, a request has been initiated from the server to our attacking machine.

Multiple XSS 

It was observed that the ip parameter of the printers.php page is vulnerable to a cross-site scripting attack. Cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application’s immediate response in an unsafe way.

http://xyz.com:8010/OA_HTML/jtfwcall.jsp?areacode=<script>alert(/xss/)</script>

Thanks for reading the above vulnerabilities, and I hope that these were useful. 🙂

 

shubhamgupta

 
