CVE-2012-3153 PoC — Oracle Fusion Middleware Oracle Reports Developer Component Unspecified Security Vulnerability

Source
Associated Vulnerability
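Title: Oracle Fusion Middleware Oracle Reports Developer Component Unspecified Security Vulnerability (CVE-2012-3153)
Description: Oracle Fusion Middleware is a business innovation platform from Oracle Corporation (USA) for enterprise and cloud environments. The platform provides middleware, software suites, and related functionality. An unspecified vulnerability exists in the Oracle Reports Developer component in Oracle Fusion Middleware versions 11.1.1.4, 11.1.1.6, and 11.1.2.0. Remote attackers can exploit this vulnerability via unknown vectors related to the Servlet, affecting confidentiality and integrity.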
Description
Automated exploit for CVE-2012-3153 / CVE-2012-3152
Readme
pwnacle-fusion
==============

Automated exploit for Oracle Reports, CVE-2012-3153 / CVE-2012-3152

Credits to @miss_sudo for the disclosure

Usage: ./pwnacle.rb target_url payload_url

This exploit uses both CVEs to upload a .jsp shell from your payload_url which is then reachable from /reports/images/shell.jsp

payload_url should contain a .jsp payload but it could be anything really with some modification.
File Snapshot

[4.0K] /data/pocs/14a63497ca67c917d54d966cc01b1246cf884ca7
├── [2.9K] pwnacle.rb
└── [ 413] README.md

0 directories, 2 files