=========================================
Yaniv Miron aka "Lament" Advisory
Feb 27, 2010
Oracle Siebel 7.x CRM (7.7, 7.8 tested) Cross Site Scripting Vulnerability
=========================================

==========================================================================================
Application name: Oracle Siebel CRM
Version:          7.x (7.7, 7.8)
Class:            Input Validation Error
Type:             Cross Site Scripting (XSS)
Remote:           Yes
Credit:           Yaniv Miron aka "Lament"
Exploit:          http://EXAMPLE.com/htim_enu/start.swe/?>'">

Yaniv Miron aka "Lament".
lament@ilhack.org
==========================================================================================

=====================
I. BACKGROUND
=====================

Siebel Customer Relationship Management (CRM) Applications

The world's most complete customer relationship management (CRM) solution, Oracle's Siebel CRM helps organizations differentiate their businesses to achieve maximum top- and bottom-line growth. It delivers a combination of transactional, analytical, and engagement features to manage all customer-facing operations. With solutions tailored to more than 20 industries, Siebel CRM delivers:

- Comprehensive on premise and on demand CRM solutions
- Tailored industry solutions
- Role-based customer intelligence and pre-built integration

http://www.oracle.com/us/products/applications/siebel/index.htm

=====================
II. DESCRIPTION
=====================

A malicious attacker may inject scripts into the Oracle Siebel CRM application: input supplied in the query string of the start.swe page is reflected into the response without being encoded for its HTML context.

=====================
III. ANALYSIS
=====================

Exploitation of this vulnerability results in the execution of arbitrary script code in the browser of a user who follows a malicious link.

=====================
IV. EXPLOIT
=====================

http://EXAMPLE.com/htim_enu/start.swe/?>'">

=====================
V. DISCLOSURE TIMELINE
=====================

Jan 2009  Vulnerability Found
Jan 2009  Vendor Notification
Feb 2010  Public Disclosure

=====================
VI. CREDIT
=====================

Yaniv Miron aka "Lament".
lament@ilhack.org
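The advisory's probe string, `>'">`, is the classic test for whether a reflected parameter can close an HTML attribute and open a new tag. The following is an added example, not code from the advisory or from Oracle Siebel: a hypothetical page that reflects a query value into an attribute, once without encoding (the defect class described above) and once with contextual HTML escaping, a parser-based check that tells the two apart the way a browser would, and a small access-log rule that flags request lines carrying the breakout characters. The markup, the log lines and the `page=home` query are constructed for the example.

```python
"""Added example (not from the advisory, not Siebel code): what the
defect class in the advisory looks like, how contextual output encoding
removes it, and a simple log check for the probe the advisory uses."""
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample input: the probe from the advisory's URL, i.e. the
# characters that can close an HTML attribute and open a tag.
PROBE = ">'\">"


def render_vulnerable(query: str) -> str:
    """Reflect the query value into an attribute without encoding.
    Hypothetical markup standing in for the reflected parameter."""
    return f'<input type="text" name="q" value="{query}">'


def render_hardened(query: str) -> str:
    """Same markup, but the value is HTML-escaped for the attribute
    context (quote=True also encodes the ' and " characters)."""
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


class _ValueAttrParser(HTMLParser):
    """Collect the value attribute of every <input> tag, plus any text
    that ends up outside a tag (a sign the attribute was broken out of)."""

    def __init__(self):
        super().__init__()
        self.values = []
        self.stray_text = ""

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

    def handle_data(self, data):
        self.stray_text += data


def reflected_value(rendered: str):
    """Return the value attribute a browser would see for the first
    <input>, after entity decoding."""
    p = _ValueAttrParser()
    p.feed(rendered)
    p.close()
    return p.values[0] if p.values else None


def is_safely_reflected(query: str, render) -> bool:
    """A reflection is safe when the parsed attribute value round-trips
    to the original query and nothing spills out of the tag as text."""
    p = _ValueAttrParser()
    p.feed(render(query))
    p.close()
    return p.values == [query] and p.stray_text == ""


BREAKOUT_CHARS = set("<>\"'")


def query_has_breakout_chars(request_line: str) -> bool:
    """Detection rule: flag an access-log request line whose URL-decoded
    query string contains characters that can terminate an attribute or
    open a tag, which is exactly what the advisory's probe does."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False
    if "?" not in target:
        return False
    query = unquote(target.split("?", 1)[1])
    return any(c in BREAKOUT_CHARS for c in query)


# Constructed request lines (not real traffic); the second query is invented.
SAMPLE_REQUESTS = [
    "GET /htim_enu/start.swe/?%3E%27%22%3E HTTP/1.1",  # the probe, URL-encoded
    "GET /htim_enu/start.swe/?page=home HTTP/1.1",      # ordinary request
]

if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(PROBE))
    print("hardened   :", render_hardened(PROBE))
    print("vulnerable safe?", is_safely_reflected(PROBE, render_vulnerable))
    print("hardened safe?  ", is_safely_reflected(PROBE, render_hardened))
    for line in SAMPLE_REQUESTS:
        print(query_has_breakout_chars(line), line)
```

The check deliberately goes through an HTML parser rather than a string search: the hardened output still contains the probe, but only as entities, so the parser hands back the original value as attribute data and no stray text. In the vulnerable output the same probe truncates the attribute at the first quote and leaves `">` outside the tag, which is the foothold a real payload would use. The log rule is a coarse first-pass detector; URL-decode before matching, since the probe normally arrives percent-encoded.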