Interesting things about ECM

2009/10/07

SQL injection vulnerability for Oracle UCM (Stellent) 7.5 and prior

Filed under: Oracle UCM, Vulnerability — Anthony Fast @ 1:46 pm

Source: http://blog.red-database-security.com/2009/01/29/sql-injection-notes-in-oracle-metalink/

[…..]

Second finding in Metalink was an exploit in the CMS from Stellent (aka Oracle Universal Content Management), acquired by Oracle in 2007. Publishing exploits with customer URLs is a bad style…

———–

Note 733017.1  from October 2008 says:
Version 6.2 of the Content Server has an SQL injection vulnerability.

Oracle was so nice to publish the exploit pointing to a customer site.

Security consultant report states:

Severity: 5
Port: 80
Name: SQL injection
Description: “An SQL injection vulnerability was identified in the following page:
http://customer.site/****&dID=1%20and%20convert(varchar.(select%20@@version))=1

The back-end version return was ‘Microsoft SQL Server 2000 -8’”

– Business Impact:
Potential security threat

Cause
This is a known bug/issue with 7.5 and prior. (internal bug p51038621)

———————————–

Good to know that SQL Injection is just a potential security threat…

UPDATE:
Oracle removed note 733017.1 from Metalink.
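
A defensive check for the finding quoted above, as an added example that is not from the original post or from Oracle: it scans web access-log lines for requests whose dID parameter is not a plain integer after URL decoding, which is the shape of the request in the report. The log format, paths and addresses are constructed, and treating dID as a purely numeric identifier is an assumption based on the dID=1 value in the report.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined-log style; addresses and paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Oct/2009:13:40:01 +0000] "GET /placeholder/page?svc=view&dID=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Oct/2009:13:41:17 +0000] "GET /placeholder/page?svc=view'
    '&dID=1%20and%20convert(varchar.(select%20@@version))=1 HTTP/1.1" 500 312',
    '203.0.113.9 - - [07/Oct/2009:13:42:30 +0000] "GET /placeholder/page?svc=view&dID=4711 HTTP/1.1" 200 4890',
    '203.0.113.9 - - [07/Oct/2009:13:42:31 +0000] "GET /placeholder/style.css HTTP/1.1" 200 812',
]

# Request line of a combined-log entry: method, target, protocol.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Assumption: dID is a numeric document identifier, as dID=1 in the report suggests.
VALID_DID_RE = re.compile(r"[0-9]{1,18}")


def non_numeric_did(line):
    """Return the URL-decoded dID value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes names and values, so %20 becomes a space here.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "did" and not VALID_DID_RE.fullmatch(value):
            return value
    return None


def flag_requests(lines):
    """Return (client address, decoded dID) for every request with a non-numeric dID."""
    hits = []
    for line in lines:
        value = non_numeric_did(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in flag_requests(SAMPLE_LOG):
        print(f"{client}: dID is not an integer: {value!r}")
```

The same integer-only check belongs in front of the database call as well, so that the parameter never reaches a query as free text.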
