======================================================= Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Oracle Siebel 7.x CRM (7.7, 7.8 tested) Cross Site Scripting Vulnerability ======================================================= ===================== I. BACKGROUND ===================== Siebel Customer Relationship Management (CRM) Applications The world's most complete customer relationship management (CRM) solution, Oracle's Siebel CRM helps organizations differentiate their businesses to achieve maximum top-and bottom-line growth. It delivers a combination of transactional, analytical, and engagement features to manage all customer-facing operations. With solutions tailored to more than 20 industries, Siebel CRM delivers: Comprehensive on premise and on demand CRM solutions. Tailored industry solutions. Role-based customer intelligence and pre-built integration. http://www.oracle.com/us/products/applications/siebel/index.htm ===================== II. DESCRIPTION ===================== A malicious attacker may inject scripts into the Oracle Siebel CRM application. ===================== III. ANALYSIS ===================== Exploitation of this vulnerability results in the execution of arbitrary code using a malicious link. ===================== IV. EXPLOIT ===================== http://example.com/htim_enu/start.swe/?>'"><script>alert('XSS by Lament')</script> ===================== V. DISCLOSURE TIMELINE ===================== Jan 2009 Vulnerability found Jan 2009 Vendor Notification Feb 2010 Public Disclosure ===================== VI. CRETID ===================== Yaniv Miron aka "Lament". lament@xxxxxxxxxx
