Blind SQL Injection Vulnerabilities reported to Oracle Corporation


The well-known Vulnerability Laboratory researcher Shadab Siddiqui (23) from India discovered this week a remote vulnerability of critical severity in Oracle's web infrastructure. Oracle Corporation (NASDAQ: ORCL) is an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products, particularly database management systems.

Laboratory:

https://www.vulnerability-lab.com/show.php?user=Shadab%20Siddiqui

Shadab Siddiqui discovered multiple remote blind SQL injection vulnerabilities in different parts of the Oracle web infrastructure. The vulnerabilities allow a remote attacker to inject and execute their own SQL statements on the affected application's DBMS. They are "blind" because the application never shows query results or database errors directly; the attacker instead infers data one true/false answer at a time from differences in the application's responses. Successful exploitation results in compromise of the DBMS, the service and the application. The vulnerabilities are located in the shop, campus, education and academy services of Oracle.
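As an added illustration of what "blind" means here (example code written for this article, not Oracle's code and not taken from the advisory), the block below uses an in-memory SQLite database as a stand-in for Oracle's unknown web stack; the schema, the product rows and the 'admin' hash value are constructed for the demo. It shows a lookup endpoint that only answers found/not found, a boolean-based extraction loop that recovers a value from a different table one character at a time through that yes/no channel, and the parameterised version of the same lookup, from which the loop recovers nothing.

```python
import sqlite3

# Constructed demo schema and data; not Oracle's schema or the advisory's data.
SCHEMA = """
CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, active INTEGER);
INSERT INTO products VALUES (1, 'Database 11g', 1), (2, 'WebLogic', 1);
CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pwhash TEXT);
INSERT INTO users VALUES (1, 'admin', 'a3f9');
"""


def build_db():
    """In-memory SQLite stand-in for the web application's DBMS."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def product_exists_vulnerable(conn, product_id):
    """Vulnerable lookup: the request parameter is concatenated into the SQL,
    so attacker-supplied text becomes part of the statement. The endpoint
    only answers found / not found, which is exactly the blind situation."""
    sql = "SELECT 1 FROM products WHERE active = 1 AND id = " + product_id
    return conn.execute(sql).fetchone() is not None


def product_exists_fixed(conn, product_id):
    """Fixed lookup: validate the type, then bind the value as a parameter.
    A bound value can never alter the structure of the statement."""
    if not product_id.isdigit():
        return False
    sql = "SELECT 1 FROM products WHERE active = 1 AND id = ?"
    return conn.execute(sql, (int(product_id),)).fetchone() is not None


HEX_ALPHABET = "0123456789abcdef"


def blind_extract(endpoint, conn, max_len=8):
    """Boolean-based blind extraction of users.pwhash for 'admin'.

    Each request asks one yes/no question ("is character N equal to X?")
    and reads the answer from the found / not-found response. Nothing from
    the users table is ever returned directly; the value is reconstructed
    from the truth values alone."""
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for ch in HEX_ALPHABET:
            payload = (
                "1 AND (SELECT substr(pwhash, %d, 1) FROM users "
                "WHERE login = 'admin') = '%s'" % (pos, ch)
            )
            if endpoint(conn, payload):
                found = ch
                break
        if found is None:  # no character matched: end of the value
            break
        recovered += found
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable endpoint leaks:", repr(blind_extract(product_exists_vulnerable, db)))
    print("fixed endpoint leaks:     ", repr(blind_extract(product_exists_fixed, db)))
```

Against the concatenating endpoint the loop recovers the full hash with a handful of requests per character, even though no request ever displays a row from the users table; against the parameterised endpoint every injected payload is rejected before it reaches the database. The same inference works with any observable difference (response length, an error page, a time delay), which is why fixing the query construction, not the output, is the correct remediation.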

Affected Service(s):

[+] https://shop.oracle.com

[+] https://campus.oracle.com

[+] https://education.oracle.com

[+] https://academy.oracle.com

In coordination with the Oracle security team (Steve M.), the issue was fixed quickly on all instances of the affected web services.

The hotfix for the web servers was released within two weeks of the Vulnerability Laboratory team's report, after Oracle security had analysed the issue:

[+] 2012-03-28: Vendor Notification

[+] 2012-03-29: Vendor Response/Feedback

[+] 2012-04-11: Vendor Fix/Patch

[+] 2012-04-12: Public or Non-Public Disclosure

Advisory: https://www.vulnerability-lab.com/get_content.php?id=478

Press/News: http://news.softpedia.com/news/Oracle-Fixes-SQL-Injection-Flaws-on-its-Public-Sites-264140.shtml
