Bugtraq mailing list archives
Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy
From: "Sea Shark" <sead3nx () gmail com>
Date: Tue, 20 Mar 2007 12:14:20 +0200
Hi, Access to http://somesite/servlet/Spy should be restricted. But generally database or system administrators ignore the hardening of Oracle apllications or database. I have noticed XSS bug in Dynamic Monitoring services on Oracle-Application-Server-10g/10.1.2.0.0. http://somesite/servlet/Spy?format=metrictable&cache=false&interval=6400000&table=%3Cscript%3Ealert('inTellectPRO')%3C/script%3E&orderby=Name d3nx
Current thread:
- Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy Sea Shark (Mar 20)