ZeroBox Vulnerability Database

Date:
=====
2012-04-12

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=478

VL-ID:
=====
478

Introduction:
=============
Oracle Corporation (NASDAQ: ORCL) is an American multinational computer technology corporation that specializes 
in developing and marketing computer hardware systems and enterprise software products � particularly database 
management systems. Headquartered at 500 Oracle Parkway, Redwood Shores, Redwood City, California, United States 
and employing approximately 111,298 people worldwide as of 30 November 2011, it has enlarged its share of the 
software market through organic growth and through a number of high-profile acquisitions. By 2007 Oracle had 
the third-largest software revenue, after Microsoft and IBM.

The company also builds tools for database development and systems of middle-tier software, enterprise resource 
planning software (ERP), customer relationship management software (CRM) and supply chain management (SCM) software.
Larry Ellison, a co-founder of Oracle Corporation, has served as Oracle s CEO throughout its history. He also 
served as the Chairman of the Board until his replacement by Jeffrey O. Henley in 2004. On August 22, 2008 the 
Associated Press ranked Ellison as the top-paid chief executive in the world.

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Oracle_Corporation )

Abstract:
=========
A Vulnerability Laboratory Researcher discovered multiple blind SQL Injection Vulnerabilities on Oracles official service application.

Report-Timeline:
================
2012-03-28:	Vendor Notification
2012-03-29:	Vendor Response/Feedback
2012-04-11:	Vendor Fix/Patch 
2012-04-12:	Public or Non-Public Disclosure

Status:
========
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
Critical

Details:
========
Multiple remote SQL Injection vulnerabilities are detected on on Oracles official service application(Web-Servers).
The vulnerability allows an attacker (remote) to inject/execute own sql commands on the affected application dbms. Successful 
exploitation of the vulnerability results in dbms, service & application compromise.
The vulnerabilities are located on the shop, campus, education & academy service of oracle.

Vulnerable Module(s):
                                                         [+] emea1-events-remove3
                                                         [+] cn-profile-oardc.jsp?flag=
                                                         [+] us-jobdesc.jsp
                                                         [+] cn-profile-add-oardc.jsp

Affected Service(s):
                                                         [+] https://campus.oracle.com
                                                         [+] http://education.oracle.com
                                                         [+] https://academy.oracle.com
                                                         [+] https://shop.oracle.com