
Oracle Siebel Loyalty 8.1 - Cross-Site Scripting

By kannthu

High
Vidoc Module
#xss#oracle#siebel#packetstorm#edb
Description

What is "Oracle Siebel Loyalty 8.1 - Cross-Site Scripting"?

The "Oracle Siebel Loyalty 8.1 - Cross-Site Scripting" module is designed to detect a vulnerability in Oracle Siebel Loyalty software. This vulnerability allows remote unauthenticated attackers to inject arbitrary JavaScript code into the responses returned by the '/loyalty_enu/s' endpoint. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.

This module was authored by dhiyaneshDK.

Impact

If exploited, this vulnerability can lead to cross-site scripting (XSS) attacks. By injecting malicious JavaScript code into the responses, attackers can potentially steal sensitive user information, manipulate website content, or perform other malicious actions.

How does the module work?

The module works by sending a GET request to the '/loyalty_enu/start.swe/%3E%22%3E%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' endpoint. It then applies several matching conditions to determine if the vulnerability exists:

- The response body must contain the string "</script><script>alert(document.domain)</script>"
- The response header must contain the string "text/html"
- The response status code must be 200

If all the matching conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /loyalty_enu/start.s...

Matching conditions (all must hold):
- word: </script><script>alert(document.domain)<...
- word: text/html
- status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability