Oracle OAM 10g Session Hijacking
Table of contents Intro Oracle OAM Authentication flow Hijacking the session Global Exposure Proof-of-Concept Webserver Script Proof-of-Concept Video Mitigation CVSS rating Intro TL;DR Badly configured »
TL;DR This weakness allows us to bypass the URL filtering on the RH parameter which could be used to hijack the session of any user »
Intro Windows Remote Assistance allows someone you trust to take over your PC and fix a problem from anywhere around the world. It relies on the Remote »
Table of contents Intro Root cause analysis Proof-of-Concept Intro Late last year while setting up a fuzzer to target the SMB protocol, I discovered a vulnerability »
This is the presentation video from the HIP 16 presentation Tom and I did earlier this summer. I hope you enjoy it! »