0

I searched for Oracle WebLogic vulnerabilities and found this vulnerability: Oracle WebLogic Server Cross-Site Scripting and Manipulation of Data Vulnerabilities (http://secunia.com/community/advisories/51501). I want some sample attack scenarios to test my web site against this vulnerability. Any help?

1 Answer

1

Well, if you're the owner of the system, the simplest way to confirm that your application is not vulnerable would be to ensure that the version number is higher than the affected ones.

Beyond that, if you're actively looking to exploit this issue to test for its presence, the text explaining the first issue is actually pretty descriptive. To test that, you'd likely need to use a proxy such as Burp or OWASP ZAP, then browse to the affected URL, look for the parameter they mention in the description, and modify it to inject HTML. Something like

"><script>alert(1)</script><"

could be a good starting point.

For the second one, unfortunately, there are fewer details, so it's harder to establish. My typical approach would be to put the CVE number into your search engine of choice and see what comes up.

Rory McCune