Digital Security Research Group [DSecRG] Advisory    #DSECRG-09-025

http://dsecrg.com/pages/vul/show.php?id=125

Application:                    Oracle Secure Enterprise Search (SES)
Versions Affected:              Oracle Secure Enterprise Search (SES) version 10.1.8.2.0  
Vendor URL:                     http://www.oracle.com
Bugs:                           XSS
Exploits:                       YES
Reported:                       21.01.2009
Vendor response:                23.01.2009
Date of Public Advisory:        16.07.2009
CVE:                            CVE-2009-1968
Description:                    XSS IN search query                             
Author:                         Alexandr Polyakov
                                Digital Security Reasearch Group [DSecRG] (research [at] dsecrg [dot] com)


Description
***********

Linked XSS vulnerability found "search" script of Oracle Secure Enterprise Search (SES).  



Details
*******


Vulnerability found  In page /search/query/search. Vulnerable parameter search_p_groups.

Example
*******

http://[localhost]:7777/search/query/search?search.timezone=&search_p_groups="'><IMG%20SRC=javascript:alert(document.cookie)>&q=1234&btnSearch=Search


Attacker can send evil link to logged in administrator, get adminiatrators cookie access to system with Administrator rights



Fix Information
***************


Information was published in CPU July 2009.
All customers can download CPU petches following instructions from: 

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html 

Original advisory:
http://dsecrg.com/pages/vul/show.php?id=125

Credits
*******
Oracle give a credits for Alexandr Polyakov from Digital Security Company in CPU July 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html 



About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com




Polyakov Alexandr
Chief Information Security Analyst
______________________