ORACLE Subdomain Page Defaced by Indian Hacker


IHOS

IHOS

A group of Indian Hackers dubbed as I-HOS TEAM has successfully defaced a page on the sub domain of Oracle Corporation, biggest provider of enterprise software, computer hardware and Services.
The users visiting the domain are being greeted with a custom webpage with black background and the theme song of an Indian Movie “BOSS”. The defacement page is displaying a logo with title “IHOS – Indian Hackers Online Squad” with a quotation for all the Indian hackers shows, “LOVE TO ALL INDIAN HACKERS OUT THERE.
Neither the website nor the server was actually compromised, but the Hacker going by online alias ‘Bl@Ck Dr@GoN’, actually found a page on the Oracle website that allows him to inject HTML/JavaScript code into the Oracle University Electronic Attendance webpage in order to modify the content, as shown in the screenshot provided

ORACLE Subdomain Defaced using JavaScript Injection

Hacker told THN that anyone is able to edit the Student name on the website and can insert any code, which is not sanitized properly by the Oracle website. This is awful to see that World’s biggest programming and Software company failed to protect their website from very basic Cross Site Scripting vulnerability.

Defaced Link: Click Here

Injected Javascript:

At the time of writing, the website was defaced and in case it got fixed, users may check the defaced website’s mirror at Zone-H.
In most of the cases, a hacker look to promote a specific cause when defacing a high profile site, but in this case there seems to have no specified reason to deface the web page. We mostly have seen the defacement of website by the hackers lifting boring messages like “Hello World” or similar, but this is the first time when Oracle Web page is sounding Yo Yo Honey Singh’s beat-full Song.
Source : The Hacker News