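# Detection template for CVE-2017-3528: open redirect in Oracle E-Business
# Suite 12.1.3/12.2.x through the `redirect` parameter of
# /OA_HTML/cabo/jsps/a.jsp.
# The check sends one GET request carrying a benign example.com marker and
# reports a finding only when that marker is reflected in the response body.
id: CVE-2017-3528

info:
  name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
  author: 0x_Akoko
  # NOTE(review): confirm this rating against the CVSS score published for the
  # CVE; scans filtered by severity will skip the template if it is too low.
  severity: low
  # Written as a YAML sequence so each URL is its own entry. A `|` block scalar
  # here would yield one string whose lines keep a literal "- " prefix.
  reference:
    - https://blog.zsec.uk/cve-2017-3528/
    - https://www.exploit-db.com/exploits/43592
  tags: oracle,redirect

# NOTE(review): newer Nuclei releases name this key `http:`; `requests:` is
# kept so the template still loads on the engine version it was written for.
requests:
  - method: GET
    path:
      # %2f%5c decodes to "/\", so the marker value is "/\example.com".
      - "{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cexample.com"

    matchers:
      # Matches only when the decoded marker is echoed into what looks like a
      # frame `src` attribute, followed by the original configName parameter.
      # This confirms reflection in the page; it does not follow the redirect.
      # A match means the instance still needs the vendor fix for this CVE;
      # see the references above.
      - type: word
        part: body
        words:
          - 'noresize src="/\example.com?configName='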