My New Discovery in the Oracle E-Business Login Panel That Allowed Access to All Employees' Information, and in Some Cases Passwords, at More Than 1000 Companies

Hey hunters, hello infosec community.

Our topic here is a new discovery in the Oracle E-Business login panel that allowed access to all employees' information [emails, first and last names, usernames] and, in some cases, to database passwords at more than 1000 companies that use the Oracle E-Business login panel.

The best part: this is not a known Common Vulnerability and Exposure (CVE), it is a new vulnerability. Because of this security issue, I looked for it and tested it on companies that use this panel, and it worked 100%.

Description:

I discovered this bug on the Oracle E-Business login page, which is reachable at URLs like these (the third line is the fingerprint I used to identify such panels):

Target/OA_HTML/AppsLocalLogin.jsp
Target/OA_HTML/ibeCAcpSSOReg.jsp
“X-ORACLE-DMS-ECID” http.title:”Login” 200

Steps to Reproduce for PII:

1. Visit the target and create an account at one of:
   Target/OA_HTML/ibeCAcpSSOReg.jsp
   Target/OA_HTML/AppsLocalLogin.jsp
2. Move to Manage Proxies.
3. Run the Proxy Report.
4. This gives access to all employees' info: emails, first names, last names and usernames.
5. In the search, add employees whose names start with a letter, for example "a", and search; repeat for a, b, c, etc.
6. You can search by username, first name, last name or email, and you will get results for all employees.
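As an added defensive example (not part of the original post), a small Python check over web-server access logs for the pattern described above: a client that self-registers through ibeCAcpSSOReg.jsp and then runs a series of one-letter directory searches. The log lines are constructed; the report page path (`PROXY_REPORT_PLACEHOLDER`) and the `search` query parameter name are assumptions, since the post gives neither.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined style, not real traffic).
# PROXY_REPORT_PLACEHOLDER and the "search" parameter are assumptions: the post
# names "Manage Proxies" and single-letter searches but gives no path or parameter.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /OA_HTML/ibeCAcpSSOReg.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:20 +0000] "POST /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:01:02 +0000] "GET /OA_HTML/OA.jsp?page=PROXY_REPORT_PLACEHOLDER&search=a HTTP/1.1" 200 91000 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:01:09 +0000] "GET /OA_HTML/OA.jsp?page=PROXY_REPORT_PLACEHOLDER&search=b HTTP/1.1" 200 88000 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:01:15 +0000] "GET /OA_HTML/OA.jsp?page=PROXY_REPORT_PLACEHOLDER&search=c HTTP/1.1" 200 87500 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "POST /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:06:00 +0000] "GET /OA_HTML/OA.jsp?page=PROXY_REPORT_PLACEHOLDER&search=smith HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)')
SELF_REG_PATH = "/OA_HTML/ibeCAcpSSOReg.jsp"   # self-registration path named in the post

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    parts = urlsplit(d["url"])
    d["path"] = parts.path
    d["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    d["status"] = int(d["status"])
    return d

def find_enumeration_after_self_registration(log_text, min_short_searches=3):
    """Flag clients that self-registered (successful POST to ibeCAcpSSOReg.jsp) and
    then ran several directory searches with one- or two-character terms ('a', 'b', ...).
    Returns {ip: {"self_registered": True, "short_searches": n}} for flagged clients only."""
    state = defaultdict(lambda: {"self_registered": False, "short_searches": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = state[rec["ip"]]
        if rec["method"] == "POST" and rec["path"] == SELF_REG_PATH and rec["status"] == 200:
            s["self_registered"] = True
        else:
            term = rec["query"].get("search")
            if s["self_registered"] and term is not None and len(term) <= 2:
                s["short_searches"] += 1
    return {ip: s for ip, s in state.items()
            if s["self_registered"] and s["short_searches"] >= min_short_searches}
```

Running the check over the sample flags 10.0.0.5 (self-registered, then three single-letter searches) and ignores 10.0.0.9, whose ordinary login and name search look like normal employee use.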

Steps to Reproduce for Passwords:

Note: this is not enabled in all panels.

Visit SQL ===> In SQL Statements ===> select * from FND_USER ===> RUN SQL

The result includes the following columns:
USER_ID,
USER_NAME,
LAST_UPDATE_DATE,
LAST_UPDATED_BY,
CREATION_DATE,
CREATED_BY,
LAST_UPDATE_LOGIN,
ENCRYPTED_FOUNDATION_PASSWORD


Bug bounty hunter
