Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1975. PoCs published by Alexandr Polyakov.
AI-analyzed exploit summary
The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle WebLogic Server 10.3 by injecting a malicious script into the searchQuery parameter of the console-help.portal page. The payload executes arbitrary JavaScript in the context of the affected site.
Description
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.