Found an XSS vulnerability while doing an audit of Oracle ERP R12.
Step 1) For this, we first have to enable “Show Log on Screen” -> “Exception” from the “Diagnostics” page.
The screenshot below shows that screen logging is enabled. Now an attacker can perform Cross Site Scripting.
Step 2) The screenshot below shows a SCRIPT tag being entered in the “Search” box, followed by a click on “Go”.
The screenshot below shows that the SCRIPT tag is executed by the browser.