Exploiting Same Origin Method Execution Vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution, which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user into visiting a malicious web-page which…

Oracle SQLi Advisory (CVE-2013-2397)

Product Information
Product: Oracle Retail Central Office
Application: Customer Operations (Add, Search)
Affected Version: 13.1, 13.2, 13.3, 13.4
CVE: CVE-2013-2397
Patch Information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Discovered by: Andy Davies
Reported by: Andy Davies

Background
Oracle provides retailers with a complete, open and integrated suite of business applications, server and storage solutions engineered to work together to optimise every aspect of their business. Top retailers worldwide use Oracle Retail solutions to drive performance, deliver critical insights…