
Oracle Siebel CRM 8.1.1 - CSV Injection

# Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection
# Date: 2018-10-21
# Exploit Author: Sarath Nair aka AceNeon13 
# Contact: @AceNeon13
# Vendor Homepage: www.oracle.com
# Software Link: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html
# Version: Oracle Siebel CRM Version 8.1.1 and below

# PoC Exploit: CSV Injection
# Vulnerable URL: All CSV Export functionalities within the CRM application
# Description: The Siebel CRM application was found to be vulnerable to Excel macro injection
# in places where user input is allowed (in text form) and that input can later be exported in CSV
# form. An attacker can change user information so that it contains a malicious Excel function.

=-2+3+cmd|' /C calc'!D

# The function will then be executed on the victim’s machine, 
# once the victim exports the details in CSV format and opens the exported file in Microsoft Excel.

# Impact: The vulnerability doesn’t target the web application but rather its users.
# A hypothetical attacker could use it to trick other application users into unwillingly
# executing arbitrary malicious code, potentially leading to a full compromise of their workstation.
# Although Excel has implemented certain features to protect its users
# (the user is asked whether he wants to execute a potentially harmful external script),
# the user could easily assume that the content can be trusted since the file is
# extracted from a trusted source.

# Solution: Disable CSV export in all list applets and wherever else CSV export is available.
# https://docs.oracle.com/cd/E95904_01/books/Secur/siebel-security-hardening.html#c_Patch_Management_ai1029938a

########################################
# Vulnerability Disclosure Timeline:

2017-November-20: Discovered vulnerability
2017-November-23: Vendor Notification
2017-November-29: Vendor Response/Feedback
2018-October-04: Vendor Fix/Patch/Workaround
2018-October-21: Public Disclosure
########################################

Warm regards,
Sarath Nair
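
For export paths that cannot simply be disabled, the following added example (not part of the original post and not Oracle's fix) shows output-side neutralization of formula-like cells plus an audit pass over an existing export. The function names and the sample records are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula/DDE call.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def is_formula_like(cell: str) -> bool:
    """True if the cell could be evaluated instead of displayed as text."""
    stripped = cell.lstrip(" ")  # conservative: skip leading spaces
    if not stripped or stripped[0] not in FORMULA_TRIGGERS:
        return False
    try:
        float(stripped)          # plain signed numbers such as "-42" are harmless
        return False
    except ValueError:
        return True

def neutralize(cell: str) -> str:
    """Prefix a single quote so the spreadsheet renders the value as text."""
    return "'" + cell if is_formula_like(cell) else cell

def export_rows(rows, sanitize=True) -> str:
    """Write rows as CSV, quoting every field and neutralizing risky cells."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        cells = [str(c) for c in row]
        writer.writerow([neutralize(c) for c in cells] if sanitize else cells)
    return buf.getvalue()

def audit_csv(text: str):
    """Return (row, column, value) for each formula-like cell in an export."""
    return [(r, c, cell)
            for r, row in enumerate(csv.reader(io.StringIO(text)), start=1)
            for c, cell in enumerate(row, start=1)
            if is_formula_like(cell)]

# Constructed sample records; the third row carries the PoC string from the post.
SAMPLE_ROWS = [
    ["Name", "Phone", "Comment"],
    ["Alice Example", "+1-555-0100", "Called back"],
    ["Bob Example", "555-0101", "=-2+3+cmd|' /C calc'!D"],
    ["Carol Example", "555-0102", "-42"],
]

if __name__ == "__main__":
    for finding in audit_csv(export_rows(SAMPLE_ROWS, sanitize=False)):
        print("formula-like cell:", finding)
    print(export_rows(SAMPLE_ROWS), end="")
```

Legitimate values that begin with a trigger character, such as the international phone number in the sample, also receive the quote prefix; that is the usability cost of this approach.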
            
