This blog is discontinued; it is read-only.

Tuesday, August 25, 2009

Oracle Reports desname Bug fixed with Fusion Middleware 11g

This time I come back with some old stuff, which I published nearly 4 years ago (oops, I'm getting old): the famous Oracle Reports desname bug. My white paper on it can be found under the following link: A Security Hole in Oracle Application Server (Reports) and how to ... (website of my previous employer). Due to this bug (which was never fixed by Oracle in the Oracle Application Server 10g) it was/is possible to overwrite any file to which the oracle user has access (for details, see the white paper mentioned above). And now start clapping: Oracle introduce...

Wednesday, August 5, 2009

Security Hole in Fusion Middleware 11g WebLogic Admin Server

After playing a little bit with the new Fusion Middleware 11g, I found a small security hole in the WebLogic Admin Server. In order to start the WebLogic Admin Server, Oracle provides you with a shell script, $MW_HOME/user_projects/domains/$DOMAIN_NAME/startWebLogic.sh. The first way you can use this script is interactively: just execute the script and it will prompt you for the WebLogic admin user and his password. But this method is not useful for...