Full Disclosure mailing list archives
Phishing vulnerability in oracle entreprise manager
From: "handrix cobra" <handrix () gmail com>
Date: Sun, 25 Mar 2007 15:24:01 +0000
Product: Oracle Entreprise manager Vulnerabilities: Phishing Level: Medium By: Handrix <handrix_at_morx_org> 25 March 2007 MorX security research team www.morx.org The oracle entreprise manager are vulnerable to phishing attack in help rubric, an attacker can redirect your login and password to an another malicious website. Any way feel free to verify the whole login page contenent before making your sensible information on. Other solution deactivate the help link Simple request : http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/ Version: Oracle entreprise manager 10g May be others
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Phishing vulnerability in oracle entreprise manager handrix cobra (Mar 25)