CVE-2005-4550

Oracle Application Server Discussion Forum Portlet - Unauthenticated Arbitrary File Read via df_next_page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4550. PoCs published by Johannes Greil.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Oracle Application Server Discussion Forum Portlet, including XSS, HTML injection, and source code disclosure. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).

Exploits (1)

exploitdb WRITEUP VERIFIED

by Johannes Greil · textwebappsjsp

https://www.exploit-db.com/exploits/26972

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Oracle Application Server Discussion Forum Portlet, including XSS, HTML injection, and source code disclosure. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Oracle Application Server Discussion Forum Portlet (all versions)

No auth needed

Prerequisites: Access to the vulnerable Oracle Application Server instance

MITRE ATT&CK